Import OpenSSL 0.9.8c
authorSimon Schubert <corecode@dragonflybsd.org>
Wed, 6 Sep 2006 12:35:33 +0000 (12:35 +0000)
committerSimon Schubert <corecode@dragonflybsd.org>
Wed, 6 Sep 2006 12:35:33 +0000 (12:35 +0000)
128 files changed:
crypto/openssl-0.9/CHANGES
crypto/openssl-0.9/FAQ
crypto/openssl-0.9/LICENSE
crypto/openssl-0.9/NEWS
crypto/openssl-0.9/README
crypto/openssl-0.9/apps/CA.pl
crypto/openssl-0.9/apps/dsa.c
crypto/openssl-0.9/apps/gendsa.c
crypto/openssl-0.9/apps/genrsa.c
crypto/openssl-0.9/apps/openssl.c
crypto/openssl-0.9/apps/pkcs12.c
crypto/openssl-0.9/apps/progs.h
crypto/openssl-0.9/apps/rsa.c
crypto/openssl-0.9/apps/s_client.c
crypto/openssl-0.9/apps/smime.c
crypto/openssl-0.9/apps/speed.c
crypto/openssl-0.9/crypto/aes/aes.h
crypto/openssl-0.9/crypto/aes/aes_core.c
crypto/openssl-0.9/crypto/aes/aes_ige.c [new file with mode: 0644]
crypto/openssl-0.9/crypto/aes/asm/aes-586.pl
crypto/openssl-0.9/crypto/asn1/a_object.c
crypto/openssl-0.9/crypto/asn1/a_strex.c
crypto/openssl-0.9/crypto/asn1/asn1.h
crypto/openssl-0.9/crypto/asn1/asn1_err.c
crypto/openssl-0.9/crypto/asn1/asn1_gen.c
crypto/openssl-0.9/crypto/asn1/asn1_par.c
crypto/openssl-0.9/crypto/asn1/t_pkey.c
crypto/openssl-0.9/crypto/asn1/tasn_dec.c
crypto/openssl-0.9/crypto/asn1/tasn_enc.c
crypto/openssl-0.9/crypto/bio/bio.h
crypto/openssl-0.9/crypto/bio/bss_conn.c
crypto/openssl-0.9/crypto/bio/bss_file.c
crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c
crypto/openssl-0.9/crypto/bn/bn.h
crypto/openssl-0.9/crypto/bn/bn_gf2m.c
crypto/openssl-0.9/crypto/bn/bn_mont.c
crypto/openssl-0.9/crypto/bn/bn_prime.c
crypto/openssl-0.9/crypto/camellia/camellia.c [new file with mode: 0644]
crypto/openssl-0.9/crypto/camellia/camellia.h [copied from crypto/openssl-0.9/crypto/aes/aes.h with 57% similarity]
crypto/openssl-0.9/crypto/camellia/cmll_cbc.c [new file with mode: 0644]
crypto/openssl-0.9/crypto/camellia/cmll_cfb.c [copied from crypto/openssl-0.9/LICENSE with 63% similarity]
crypto/openssl-0.9/crypto/camellia/cmll_ctr.c [copied from crypto/openssl-0.9/crypto/rsa/rsa_depr.c with 50% similarity]
crypto/openssl-0.9/crypto/camellia/cmll_ecb.c [copied from crypto/openssl-0.9/crypto/rsa/rsa_depr.c with 68% similarity]
crypto/openssl-0.9/crypto/camellia/cmll_locl.h [new file with mode: 0644]
crypto/openssl-0.9/crypto/camellia/cmll_misc.c [copied from crypto/openssl-0.9/crypto/rsa/rsa_depr.c with 63% similarity]
crypto/openssl-0.9/crypto/camellia/cmll_ofb.c [copied from crypto/openssl-0.9/LICENSE with 86% similarity]
crypto/openssl-0.9/crypto/comp/c_zlib.c
crypto/openssl-0.9/crypto/dh/dh.h
crypto/openssl-0.9/crypto/dh/dh_err.c
crypto/openssl-0.9/crypto/dh/dh_key.c
crypto/openssl-0.9/crypto/dso/dso.h
crypto/openssl-0.9/crypto/ec/ec.h
crypto/openssl-0.9/crypto/ec/ec2_smpl.c
crypto/openssl-0.9/crypto/ec/ec_asn1.c
crypto/openssl-0.9/crypto/ec/ec_check.c
crypto/openssl-0.9/crypto/ec/ec_curve.c
crypto/openssl-0.9/crypto/ec/ec_err.c
crypto/openssl-0.9/crypto/ec/ec_lib.c
crypto/openssl-0.9/crypto/ec/ec_mult.c
crypto/openssl-0.9/crypto/ec/ecp_smpl.c
crypto/openssl-0.9/crypto/ecdsa/ecs_lib.c
crypto/openssl-0.9/crypto/ecdsa/ecs_sign.c
crypto/openssl-0.9/crypto/engine/eng_padlock.c
crypto/openssl-0.9/crypto/engine/engine.h
crypto/openssl-0.9/crypto/err/err.c
crypto/openssl-0.9/crypto/evp/c_allc.c
crypto/openssl-0.9/crypto/evp/e_camellia.c [copied from crypto/openssl-0.9/crypto/rsa/rsa_depr.c with 58% similarity]
crypto/openssl-0.9/crypto/evp/evp.h
crypto/openssl-0.9/crypto/evp/evp_enc.c
crypto/openssl-0.9/crypto/evp/evp_err.c
crypto/openssl-0.9/crypto/evp/evp_key.c
crypto/openssl-0.9/crypto/evp/p5_crpt2.c
crypto/openssl-0.9/crypto/idea/i_skey.c
crypto/openssl-0.9/crypto/idea/idea.h
crypto/openssl-0.9/crypto/objects/obj_dat.c
crypto/openssl-0.9/crypto/objects/obj_dat.h
crypto/openssl-0.9/crypto/objects/obj_lib.c
crypto/openssl-0.9/crypto/objects/obj_mac.h
crypto/openssl-0.9/crypto/opensslv.h
crypto/openssl-0.9/crypto/perlasm/x86asm.pl
crypto/openssl-0.9/crypto/perlasm/x86unix.pl
crypto/openssl-0.9/crypto/pkcs12/p12_mutl.c
crypto/openssl-0.9/crypto/pkcs7/pk7_smime.c
crypto/openssl-0.9/crypto/rand/rand_unix.c
crypto/openssl-0.9/crypto/rsa/rsa.h
crypto/openssl-0.9/crypto/rsa/rsa_depr.c
crypto/openssl-0.9/crypto/rsa/rsa_eay.c
crypto/openssl-0.9/crypto/rsa/rsa_err.c
crypto/openssl-0.9/crypto/rsa/rsa_gen.c
crypto/openssl-0.9/crypto/rsa/rsa_lib.c
crypto/openssl-0.9/crypto/rsa/rsa_sign.c
crypto/openssl-0.9/crypto/store/str_meth.c
crypto/openssl-0.9/crypto/x509/x509_r2x.c
crypto/openssl-0.9/crypto/x509/x509_vpm.c
crypto/openssl-0.9/crypto/x509v3/pcy_tree.c
crypto/openssl-0.9/crypto/x509v3/v3err.c
crypto/openssl-0.9/crypto/x509v3/x509v3.h
crypto/openssl-0.9/crypto/x86cpuid.pl
crypto/openssl-0.9/doc/openssl.txt
crypto/openssl-0.9/doc/ssleay.txt
crypto/openssl-0.9/doc/standards.txt
crypto/openssl-0.9/e_os2.h
crypto/openssl-0.9/engines/e_cswift.c
crypto/openssl-0.9/engines/e_sureware.c
crypto/openssl-0.9/ssl/d1_clnt.c
crypto/openssl-0.9/ssl/d1_enc.c
crypto/openssl-0.9/ssl/d1_pkt.c
crypto/openssl-0.9/ssl/d1_srvr.c
crypto/openssl-0.9/ssl/s23_clnt.c
crypto/openssl-0.9/ssl/s23_meth.c
crypto/openssl-0.9/ssl/s23_srvr.c
crypto/openssl-0.9/ssl/s2_clnt.c
crypto/openssl-0.9/ssl/s2_lib.c
crypto/openssl-0.9/ssl/s2_srvr.c
crypto/openssl-0.9/ssl/s3_clnt.c
crypto/openssl-0.9/ssl/s3_lib.c
crypto/openssl-0.9/ssl/s3_srvr.c
crypto/openssl-0.9/ssl/ssl.h
crypto/openssl-0.9/ssl/ssl_algs.c
crypto/openssl-0.9/ssl/ssl_asn1.c
crypto/openssl-0.9/ssl/ssl_cert.c
crypto/openssl-0.9/ssl/ssl_ciph.c
crypto/openssl-0.9/ssl/ssl_err.c
crypto/openssl-0.9/ssl/ssl_lib.c
crypto/openssl-0.9/ssl/ssl_locl.h
crypto/openssl-0.9/ssl/ssl_sess.c
crypto/openssl-0.9/ssl/t1_enc.c
crypto/openssl-0.9/ssl/tls1.h

index a84cebf..0cfc559 100644 (file)
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
+     [Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+     versions), which is now available for royalty-free use
+     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+     Also, add Camellia TLS ciphersuites from RFC 4132.
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, Camellia remains excluded from compilation unless OpenSSL
+     is configured with 'enable-camellia'.
+     [NTT]
+
+  *) Disable the padding bug check when compression is in use. The padding
+     bug check assumes the first packet is of even length, this is not
+     necessarily true if compresssion is enabled and can result in false
+     positives causing handshake failure. The actual bug test is ancient
+     code so it is hoped that implementations will either have fixed it by
+     now or any which still have the bug do not support compression.
+     [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b  [04 May 2006]
+
+  *) When applying a cipher rule check to see if string match is an explicit
+     cipher suite and only match that one cipher suite if it is.
+     [Steve Henson]
+
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue@gmail.com>]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-12.txt with proposed changes (but without
+     TLS extensions, which are supported starting with the 0.9.9
+     branch, not in the OpenSSL 0.9.8 branch).
+     [Douglas Stebila]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
  Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
 
   *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
      (part of SSL_OP_ALL).  This option used to disable the
      countermeasure against man-in-the-middle protocol-version
      rollback in the SSL 2.0 server implementation, which is a bad
-     idea.  (CAN-2005-2969)
+     idea.  (CVE-2005-2969)
 
      [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
      for Information Security, National Institute of Advanced Industrial
 
  Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
 
+  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Add libcrypto.pc and libssl.pc for those who feel they need them.
      [Richard Levitte]
 
      differing sizes.
      [Richard Levitte]
 
+ Changes between 0.9.7j and 0.9.7k  [xx XXX xxxx]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j  [04 May 2006]
+
+  *) Adapt fipsld and the build system to link against the validated FIPS
+     module in FIPS mode.
+     [Steve Henson]
+
+  *) Fixes for VC++ 2005 build under Windows.
+     [Steve Henson]
+
+  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
+     from a Windows bash shell such as MSYS. It is autodetected from the
+     "config" script when run from a VC++ environment. Modify standard VC++
+     build to use fipscanister.o from the GNU make build. 
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
+
+  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+     The value now differs depending on if you build for FIPS or not.
+     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
+     safely run with a non-FIPSed libcrypto, as it may crash because of
+     the difference induced by this change.
+     [Andy Polyakov]
+
  Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
 
   *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
      (part of SSL_OP_ALL).  This option used to disable the
      countermeasure against man-in-the-middle protocol-version
      rollback in the SSL 2.0 server implementation, which is a bad
-     idea.
+     idea.  (CVE-2005-2969)
 
      [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
      for Information Security, National Institute of Advanced Industrial
  Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
 
   *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
      [Joe Orton, Steve Henson]   
 
   *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CAN-2004-0112)
+     (CVE-2004-0112)
      [Joe Orton, Steve Henson]   
 
   *) Make it possible to have multiple active certificates with the same
   *) Fix various bugs revealed by running the NISCC test suite:
 
      Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
      
-     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
 
      If verify callback ignores invalid public key errors don't try to check
      certificate signature with the NULL public key.
      via timing by performing a MAC computation even if incorrrect
      block cipher padding has been found.  This is a countermeasure
      against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
+     between bad padding and a MAC verification error. (CVE-2003-0078)
 
      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
 
      Remote buffer overflow in SSL3 protocol - an attacker could
      supply an oversized master key in Kerberos-enabled versions.
-     (CAN-2002-0657)
+     (CVE-2002-0657)
      [Ben Laurie (CHATS)]
 
   *) Change the SSL kerb5 codes to match RFC 2712.
@@ -3064,7 +3222,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
 
   *) Fix null-pointer assignment in do_change_cipher_spec() revealed
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
      [Joe Orton, Steve Henson]
 
  Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
@@ -3072,7 +3230,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Fix additional bug revealed by the NISCC test suite:
 
      Stop bug triggering large recursion when presented with
-     certain ASN.1 tags (CAN-2003-0851)
+     certain ASN.1 tags (CVE-2003-0851)
      [Steve Henson]
 
  Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
@@ -3080,7 +3238,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Fix various bugs revealed by running the NISCC test suite:
 
      Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
      
      If verify callback ignores invalid public key errors don't try to check
      certificate signature with the NULL public key.
@@ -3132,7 +3290,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      via timing by performing a MAC computation even if incorrrect
      block cipher padding has been found.  This is a countermeasure
      against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
+     between bad padding and a MAC verification error. (CVE-2003-0078)
 
      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -3265,7 +3423,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Add various sanity checks to asn1_get_length() to reject
      the ASN1 length bytes if they exceed sizeof(long), will appear
      negative or the content length exceeds the length of the
-     supplied buffer. (CAN-2002-0659)
+     supplied buffer. (CVE-2002-0659)
      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
   *) Assertions for various potential buffer overflows, not known to
@@ -3273,15 +3431,15 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      [Ben Laurie (CHATS)]
 
   *) Various temporary buffers to hold ASCII versions of integers were
-     too small for 64 bit platforms. (CAN-2002-0655)
+     too small for 64 bit platforms. (CVE-2002-0655)
      [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
 
   *) Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized session ID to a client. (CAN-2002-0656)
+     supply an oversized session ID to a client. (CVE-2002-0656)
      [Ben Laurie (CHATS)]
 
   *) Remote buffer overflow in SSL2 protocol - an attacker could
-     supply an oversized client master key. (CAN-2002-0656)
+     supply an oversized client master key. (CVE-2002-0656)
      [Ben Laurie (CHATS)]
 
  Changes between 0.9.6c and 0.9.6d  [9 May 2002]
index 0755cb2..45c09d5 100644 (file)
@@ -31,6 +31,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
 * Why is OpenSSL x509 DN output not conformant to RFC2253?
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
 
 [BUILD] Questions about building and testing OpenSSL
 
@@ -48,6 +49,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 * Why does compiler fail to compile sha512.c?
+* Test suite still fails, what to do?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -72,7 +74,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8a was released on October 11th, 2005.
+OpenSSL 0.9.8c was released on September 5th, 2006.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -386,6 +388,43 @@ interface, the "-nameopt" option could be introduded. See the manual
 page of the "openssl x509" commandline tool for details. The old behaviour
 has however been left as default for the sake of compatibility.
 
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
+
+The term "128 bit certificate" is a highly misleading marketing term. It does
+*not* refer to the size of the public key in the certificate! A certificate
+containing a 128 bit RSA key would have negligible security.
+
+There were various other names such as "magic certificates", "SGC
+certificates", "step up certificates" etc.
+
+You can't generally create such a certificate using OpenSSL but there is no
+need to any more. Nowadays web browsers using unrestricted strong encryption
+are generally available.
+
+When there were tight export restrictions on the export of strong encryption
+software from the US only weak encryption algorithms could be freely exported
+(initially 40 bit and then 56 bit). It was widely recognised that this was
+inadequate. A relaxation the rules allowed the use of strong encryption but
+only to an authorised server.
+
+Two slighly different techniques were developed to support this, one used by
+Netscape was called "step up", the other used by MSIE was called "Server Gated
+Cryptography" (SGC). When a browser initially connected to a server it would
+check to see if the certificate contained certain extensions and was issued by
+an authorised authority. If these test succeeded it would reconnect using
+strong encryption.
+
+Only certain (initially one) certificate authorities could issue the
+certificates and they generally cost more than ordinary certificates.
+
+Although OpenSSL can create certificates containing the appropriate extensions
+the certificate would not come from a permitted authority and so would not
+be recognized.
+
+The export laws were later changed to allow almost unrestricted use of strong
+encryption so these certificates are now obsolete.
+
+
 [BUILD] =======================================================================
 
 * Why does the linker complain about undefined symbols?
@@ -617,6 +656,18 @@ the module in question. The recommendation is to disable SHA-512 by
 adding no-sha512 to ./config [or ./Configure] command line. Another
 possible alternative might be to switch to GCC.
 
+* Test suite still fails, what to do?
+
+Another common reason for failure to complete some particular test is
+simply bad code generated by a buggy component in toolchain or deficiency
+in run-time environment. There are few cases documented in PROBLEMS file,
+consult it for possible workaround before you beat the drum. Even if you
+don't find solution or even mention there, do reserve for possibility of
+a compiler bug. Compiler bugs might appear in rather bizarre ways, they
+never make sense, and tend to emerge when you least expect them. In order
+to identify one, drop optimization level, e.g. by editing CFLAG line in
+top-level Makefile, recompile and re-run the test.
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?
@@ -628,8 +679,9 @@ libraries.  If your platform is not one of these, consult the INSTALL
 file.
 
 Multi-threaded applications must provide two callback functions to
-OpenSSL.  This is described in the threads(3) manpage.
-
+OpenSSL by calling CRYPTO_set_locking_callback() and
+CRYPTO_set_id_callback().  This is described in the threads(3)
+manpage.
 
 * I've compiled a program under Windows and it crashes: why?
 
@@ -649,10 +701,10 @@ your application must link  against the same by which OpenSSL was
 built.  If you are using MS Visual C++ (Studio) this can be changed
 by:
 
-1.  Select Settings... from the Project Menu.
-2.  Select the C/C++ Tab.
-3.  Select "Code Generation from the "Category" drop down list box
-4.  Select the Appropriate library (see table below) from the "Use
+ 1. Select Settings... from the Project Menu.
+ 2. Select the C/C++ Tab.
+ 3. Select "Code Generation from the "Category" drop down list box
+ 4. Select the Appropriate library (see table below) from the "Use
     run-time library" drop down list box.  Perform this step for both
     your debug and release versions of your application (look at the
     top left of the settings panel to change between the two)
@@ -672,16 +724,19 @@ Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 
 As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we recommend the
+.DLLs compiled with some specific run-time option [we insist on the
 default /MD] can be deployed with application compiled with different
 option or even different compiler. But there is a catch! Instead of
 re-compiling OpenSSL toolkit, as you would have to with prior versions,
 you have to compile small C snippet with compiler and/or options of
 your choice. The snippet gets installed as
 <install-root>/include/openssl/applink.c and should be either added to
-your project or simply #include-d in one [and only one] of your source
-files. Failure to do either manifests itself as fatal "no
-OPENSSL_Applink" error.
+your application project or simply #include-d in one [and only one]
+of your application source files. Failure to link this shim module
+into your application manifests itself as fatal "no OPENSSL_Applink"
+run-time error. An explicit reminder is due that in this situation
+[mixing compiler options] it is as important to add CRYPTO_malloc_init
+prior first call to OpenSSL.
 
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 
index e6afecc..c21f132 100644 (file)
@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
index 4fb708b..6bda70f 100644 (file)
@@ -5,9 +5,24 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+      o New cipher Camellia
+
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+
+      o Cipher string fixes.
+      o Fixes for VC++ 2005.
+      o Updated ECC cipher suite support.
+      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+      o Zlib compression usage fixes.
+      o Built in dynamic engine compilation support on Win32.
+      o Fixes auto dynamic engine loading in Win32.
+
   Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
 
-      o Fix potential SSL 2.0 rollback, CAN-2005-2969
+      o Fix potential SSL 2.0 rollback, CVE-2005-2969
       o Extended Windows CE support
 
   Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
       o Added initial support for Win64.
       o Added alternate pkg-config files.
 
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+
+      o Visual C++ 2005 fixes.
+      o Update Windows build system for FIPS.
+
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+
+      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+
+      o Fix SSL 2.0 Rollback, CVE-2005-2969
+      o Allow use of fixed-length exponent on DSA signing
+      o Default fixed-window RSA, DSA, DH private-key operations
+
   Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
 
       o More compilation issues fixed.
index 2d1236a..b719e48 100644 (file)
@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.8a 11 Oct 2005
+ OpenSSL 0.9.8c 05 Sep 2006
 
- Copyright (c) 1998-2005 The OpenSSL Project
+ Copyright (c) 1998-2006 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
 
  The MDC2 algorithm is patented by IBM.
 
+ NTT and Mitsubishi have patents and pending patents on the Camellia
+ algorithm, but allow use at no charge without requiring an explicit
+ licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+
  INSTALLATION
  ------------
 
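--- a/crypto/openssl-0.9/apps/CA.pl
+++ b/crypto/openssl-0.9/apps/CA.pl
@@ -94,6 +94,9 @@ foreach (@ARGV) {
                mkdir "${CATOP}/private", $DIRMODE;
                open OUT, ">${CATOP}/index.txt";
                close OUT;
+               open OUT, ">${CATOP}/crlnumber";
+               print OUT "01\n";
+               close OUT;
            }
            if ( ! -f "${CATOP}/private/$CAKEY" ) {
                print "CA certificate filename (or enter to create)\n";
@@ -113,6 +116,7 @@ foreach (@ARGV) {
                    system ("$CA -create_serial " .
                        "-out ${CATOP}/$CACERT $CADAYS -batch " . 
                        "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+                       "-extensions v3_ca " .
                        "-infiles ${CATOP}/$CAREQ ");
                    $RET=$?;
                }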
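Review bot: The new `open OUT, ">${CATOP}/crlnumber";` in the first hunk never checks whether the file was actually created, so a CA directory can be set up without a crlnumber file and the problem only surfaces later, when the first CRL is generated; `open OUT, ">${CATOP}/crlnumber" or die "cannot create ${CATOP}/crlnumber: $!";` would make the setup step fail where the cause is visible. The unchecked `open` for index.txt on the line above has the same shape, so the convention is pre-existing rather than introduced here. The enclosing `foreach (@ARGV)` loop shown in the hunk header starts and ends outside the hunk.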
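--- a/crypto/openssl-0.9/apps/dsa.c
+++ b/crypto/openssl-0.9/apps/dsa.c
@@ -84,6 +84,9 @@
  * -aes128     - encrypt output if PEM format
  * -aes192     - encrypt output if PEM format
  * -aes256     - encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
  * -text       - print a text version
  * -modulus    - print the DSA public key
  */
@@ -211,6 +214,10 @@ bad:
 #ifndef OPENSSL_NO_AES
                BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
                BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+               BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
                BIO_printf(bio_err," -text           print the key in text\n");
                BIO_printf(bio_err," -noout          don't print key out\n");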
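--- a/crypto/openssl-0.9/apps/gendsa.c
+++ b/crypto/openssl-0.9/apps/gendsa.c
@@ -147,6 +147,14 @@ int MAIN(int argc, char **argv)
                        enc=EVP_aes_192_cbc();
                else if (strcmp(*argv,"-aes256") == 0)
                        enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (strcmp(*argv,"-camellia128") == 0)
+                       enc=EVP_camellia_128_cbc();
+               else if (strcmp(*argv,"-camellia192") == 0)
+                       enc=EVP_camellia_192_cbc();
+               else if (strcmp(*argv,"-camellia256") == 0)
+                       enc=EVP_camellia_256_cbc();
 #endif
                else if (**argv != '-' && dsaparams == NULL)
                        {
@@ -174,6 +182,10 @@ bad:
                BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
                BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+               BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
+#endif
 #ifndef OPENSSL_NO_ENGINE
                BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif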
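Review bot: The `-camellia128`/`-camellia192`/`-camellia256` branch block added to the option chain in the first hunk is repeated verbatim in genrsa.c (the section that follows this one), and the matching two-line help text is repeated in dsa.c, gendsa.c and genrsa.c; a small shared helper such as `static const EVP_CIPHER *cipher_from_flag(const char *flag)` returning NULL for an unrecognised flag would let each app replace the whole `strcmp` chain with a single call and keep the help text in one place. This is upstream OpenSSL code imported as-is, so the point concerns the vendored code rather than a local change. The enclosing `MAIN` shown in the hunk header starts and ends outside both hunks.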
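--- a/crypto/openssl-0.9/apps/genrsa.c
+++ b/crypto/openssl-0.9/apps/genrsa.c
@@ -167,6 +167,14 @@ int MAIN(int argc, char **argv)
                        enc=EVP_aes_192_cbc();
                else if (strcmp(*argv,"-aes256") == 0)
                        enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (strcmp(*argv,"-camellia128") == 0)
+                       enc=EVP_camellia_128_cbc();
+               else if (strcmp(*argv,"-camellia192") == 0)
+                       enc=EVP_camellia_192_cbc();
+               else if (strcmp(*argv,"-camellia256") == 0)
+                       enc=EVP_camellia_256_cbc();
 #endif
                else if (strcmp(*argv,"-passout") == 0)
                        {
@@ -190,6 +198,10 @@ bad:
 #ifndef OPENSSL_NO_AES
                BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
                BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+               BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
                BIO_printf(bio_err," -out file       output the key to 'file\n");
                BIO_printf(bio_err," -passout arg    output file pass phrase source\n");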
index 02d86d5..47aee5b 100644 (file)
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -445,7 +445,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                for (fp=functions; fp->name != NULL; fp++)
                        {
                        nl=0;
+#ifdef OPENSSL_NO_CAMELLIA
                        if (((i++) % 5) == 0)
+#else
+                       if (((i++) % 4) == 0)
+#endif
                                {
                                BIO_printf(bio_err,"\n");
                                nl=1;
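Review bot: The column count at L766/L768 and the field width at L778/L780 in the next hunk are two halves of one layout decision — five 15-wide columns, or four 18-wide ones once the 16-character `camellia-*` names are in the table — but they sit in separate `#ifdef OPENSSL_NO_CAMELLIA` blocks and can drift apart the next time a longer name is added. Defining the pair once at file scope above do_cmd and using `if (((i++) % LIST_COLS) == 0)` and `BIO_printf(bio_err,LIST_FMT,fp->name);` keeps them in step and explains the magic numbers. do_cmd begins and ends outside the hunk.
```c
/* one place for the command-list layout; the camellia-* names are 16 chars */
#ifdef OPENSSL_NO_CAMELLIA
#define LIST_COLS 5
#define LIST_FMT  "%-15s"
#else
#define LIST_COLS 4
#define LIST_FMT  "%-18s"
#endif
/* … unchanged: do_cmd up to the loop over functions … */
			if (((i++) % LIST_COLS) == 0)
/* … unchanged: newline handling and section headers … */
			BIO_printf(bio_err,LIST_FMT,fp->name);
```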
@@ -466,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
                                        BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
                                        }
                                }
+#ifdef OPENSSL_NO_CAMELLIA
                        BIO_printf(bio_err,"%-15s",fp->name);
+#else
+                       BIO_printf(bio_err,"%-18s",fp->name);
+#endif
                        }
                BIO_printf(bio_err,"\n\n");
                ret=0;
index c22c00f..308f920 100644 (file)
@@ -3,7 +3,7 @@
  * project.
  */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -161,6 +161,11 @@ int MAIN(int argc, char **argv)
                else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
                else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
                else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
+               else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
+               else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
 #endif
                else if (!strcmp (*args, "-noiter")) iter = 1;
                else if (!strcmp (*args, "-maciter"))
@@ -303,6 +308,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
        BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
        BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+       BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
 #endif
        BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
        BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
@@ -825,12 +834,14 @@ int alg_print (BIO *x, X509_ALGOR *alg)
        PBEPARAM *pbe;
        const unsigned char *p;
        p = alg->parameter->value.sequence->data;
-       pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+       pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+       if (!pbe)
+               return 1;
        BIO_printf (bio_err, "%s, Iteration %ld\n", 
                OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
                ASN1_INTEGER_get(pbe->iter));
        PBEPARAM_free (pbe);
-       return 0;
+       return 1;
 }
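Review bot: The added `if (!pbe) return 1;` covers a failed decode, but `alg->parameter->value.sequence->data` at L821 is still dereferenced unchecked, so a PKCS#12 file whose PBE AlgorithmIdentifier carries no parameters, or a non-SEQUENCE one, crashes before the new check is reached — the same malformed-input class this hunk is guarding against. A guard before that line, `if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) return 1;`, closes it. The function now also returns 1 on both the success and the failure path, so a caller cannot distinguish them; if the return is only informational, a one-line comment saying so would stop the next reader from treating 1 as "printed". alg_print's opening brace and its callers are outside the hunk.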
 
 /* Load all certificates from a given file */
index dc665c5..011974b 100644 (file)
@@ -165,6 +165,24 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_AES
        {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
 #endif
        {FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef OPENSSL_NO_DES
index d5cb7b7..cf09a19 100644 (file)
@@ -84,6 +84,9 @@
  * -aes128     - encrypt output if PEM format
  * -aes192     - encrypt output if PEM format
  * -aes256     - encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
  * -text       - print a text version
  * -modulus    - print the RSA key modulus
  * -check      - verify key consistency
@@ -211,6 +214,10 @@ bad:
 #ifndef OPENSSL_NO_AES
                BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
                BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+               BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
                BIO_printf(bio_err," -text           print the key in text\n");
                BIO_printf(bio_err," -noout          don't print key out\n");
index cfee531..4a1857f 100644 (file)
@@ -188,7 +188,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -port port     - use -connect instead\n");
        BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
 
-       BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
+       BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
        BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
        BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
        BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
index 250fd69..830f18c 100644 (file)
@@ -160,6 +160,14 @@ int MAIN(int argc, char **argv)
                                cipher = EVP_aes_192_cbc();
                else if (!strcmp(*args,"-aes256"))
                                cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               else if (!strcmp(*args,"-camellia128"))
+                               cipher = EVP_camellia_128_cbc();
+               else if (!strcmp(*args,"-camellia192"))
+                               cipher = EVP_camellia_192_cbc();
+               else if (!strcmp(*args,"-camellia256"))
+                               cipher = EVP_camellia_256_cbc();
 #endif
                else if (!strcmp (*args, "-text")) 
                                flags |= PKCS7_TEXT;
@@ -423,6 +431,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
                BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
                BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+               BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+               BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
                BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
                BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
@@ -638,12 +650,6 @@ int MAIN(int argc, char **argv)
                if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
                        flags |= PKCS7_STREAM;
                p7 = PKCS7_sign(signer, key, other, in, flags);
-               /* Don't need to rewind for partial signing */
-               if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0))
-                       {
-                       BIO_printf(bio_err, "Can't rewind input file\n");
-                       goto end;
-                       }
                }
        else
                {
index 474f20c..7858aee 100644 (file)
 #ifndef OPENSSL_NO_AES
 #include <openssl/aes.h>
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+#include <openssl/camellia.h>
+#endif
 #ifndef OPENSSL_NO_MD2
 #include <openssl/md2.h>
 #endif
@@ -269,7 +272,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
 static int do_multi(int multi);
 #endif
 
-#define ALGOR_NUM      21
+#define ALGOR_NUM      24
 #define SIZE_NUM       5
 #define RSA_NUM                4
 #define DSA_NUM                3
@@ -281,7 +284,9 @@ static const char *names[ALGOR_NUM]={
   "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
   "des cbc","des ede3","idea cbc",
   "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
-  "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"};
+  "aes-128 cbc","aes-192 cbc","aes-256 cbc",
+  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
+  "evp","sha256","sha512"};
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
@@ -548,6 +553,17 @@ int MAIN(int argc, char **argv)
                 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
                 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+       static const unsigned char ckey24[24]=
+               {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+                0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+       static const unsigned char ckey32[32]=
+               {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+                0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+                0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#endif
 #ifndef OPENSSL_NO_AES
 #define MAX_BLOCK_SIZE 128
 #else
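Review bot: The `MAX_BLOCK_SIZE` selection at L978 still keys only on `OPENSSL_NO_AES`, yet the new Camellia benchmark also needs a 128-bit block: a build with AES disabled and Camellia enabled takes the `#else` value (outside the hunk), and if `iv` or `buf` are sized from it the `Camellia_cbc_encrypt` calls added later in this file would run past an IV buffer sized for the smaller block. The condition should become `#if !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)`. Separately, `ckey24`/`ckey32` look like byte-for-byte copies of the AES `key24`/`key32` above (the tail of key32 at L964-L965 matches), present only because the originals sit inside `#ifndef OPENSSL_NO_AES`; hoisting those under the same combined condition would remove the duplicate constants. MAIN begins and ends outside the hunk.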
@@ -567,6 +583,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
        AES_KEY aes_ks1, aes_ks2, aes_ks3;
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+       CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+#endif
 #define        D_MD2           0
 #define        D_MDC2          1
 #define        D_MD4           2
@@ -585,9 +604,12 @@ int MAIN(int argc, char **argv)
 #define D_CBC_128_AES  15
 #define D_CBC_192_AES  16
 #define D_CBC_256_AES  17
-#define D_EVP          18
-#define D_SHA256       19
-#define D_SHA512       20
+#define D_CBC_128_CML   18 
+#define D_CBC_192_CML   19
+#define D_CBC_256_CML   20 
+#define D_EVP          21
+#define D_SHA256       22      
+#define D_SHA512       23
        double d=0.0;
        long c[ALGOR_NUM][SIZE_NUM];
 #define        R_DSA_512       0
@@ -930,6 +952,12 @@ int MAIN(int argc, char **argv)
                else    if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
                else
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+                       if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
+               else    if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
+               else    if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
+               else
+#endif
 #ifndef OPENSSL_NO_RSA
 #if 0 /* was: #ifdef RSAref */
                        if (strcmp(*argv,"rsaref") == 0) 
@@ -1000,6 +1028,15 @@ int MAIN(int argc, char **argv)
                        }
                else
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+                       if (strcmp(*argv,"camellia") == 0)
+                       {
+                       doit[D_CBC_128_CML]=1;
+                       doit[D_CBC_192_CML]=1;
+                       doit[D_CBC_256_CML]=1;
+                       }
+               else
+#endif
 #ifndef OPENSSL_NO_RSA
                        if (strcmp(*argv,"rsa") == 0)
                        {
@@ -1126,6 +1163,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
                        BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+                       BIO_printf(bio_err,"\n");
+                       BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+#endif
 #ifndef OPENSSL_NO_RC4
                        BIO_printf(bio_err,"rc4");
 #endif
@@ -1163,6 +1204,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
                        BIO_printf(bio_err,"aes      ");
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+                       BIO_printf(bio_err,"camellia ");
+#endif
 #ifndef OPENSSL_NO_RSA
                        BIO_printf(bio_err,"rsa      ");
 #endif
@@ -1171,7 +1215,8 @@ int MAIN(int argc, char **argv)
 #endif
 #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
     !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
-    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \
+    !defined(OPENSSL_NO_CAMELLIA) 
                        BIO_printf(bio_err,"\n");
 #endif
 
@@ -1265,6 +1310,11 @@ int MAIN(int argc, char **argv)
        AES_set_encrypt_key(key24,192,&aes_ks2);
        AES_set_encrypt_key(key32,256,&aes_ks3);
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+       Camellia_set_key(key16,128,&camellia_ks1);
+       Camellia_set_key(ckey24,192,&camellia_ks2);
+       Camellia_set_key(ckey32,256,&camellia_ks3);
+#endif
 #ifndef OPENSSL_NO_IDEA
        idea_set_encrypt_key(key16,&idea_ks);
 #endif
@@ -1318,6 +1368,9 @@ int MAIN(int argc, char **argv)
        c[D_CBC_128_AES][0]=count;
        c[D_CBC_192_AES][0]=count;
        c[D_CBC_256_AES][0]=count;
+       c[D_CBC_128_CML][0]=count;
+       c[D_CBC_192_CML][0]=count;
+       c[D_CBC_256_CML][0]=count;
        c[D_SHA256][0]=count;
        c[D_SHA512][0]=count;
 
@@ -1350,6 +1403,9 @@ int MAIN(int argc, char **argv)
                c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
                c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
                c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
+               c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
+               c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
+               c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
                }
 #ifndef OPENSSL_NO_RSA
        rsa_c[R_RSA_512][0]=count/2000;
@@ -1743,6 +1799,51 @@ int MAIN(int argc, char **argv)
                        }
                }
 
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+       if (doit[D_CBC_128_CML])
+               {
+               for (j=0; j<SIZE_NUM; j++)
+                       {
+                       print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
+                       Time_F(START);
+                       for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
+                               Camellia_cbc_encrypt(buf,buf,
+                                       (unsigned long)lengths[j],&camellia_ks1,
+                                       iv,CAMELLIA_ENCRYPT);
+                       d=Time_F(STOP);
+                       print_result(D_CBC_128_CML,j,count,d);
+                       }
+               }
+       if (doit[D_CBC_192_CML])
+               {
+               for (j=0; j<SIZE_NUM; j++)
+                       {
+                       print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
+                       Time_F(START);
+                       for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
+                               Camellia_cbc_encrypt(buf,buf,
+                                       (unsigned long)lengths[j],&camellia_ks2,
+                                       iv,CAMELLIA_ENCRYPT);
+                       d=Time_F(STOP);
+                       print_result(D_CBC_192_CML,j,count,d);
+                       }
+               }
+       if (doit[D_CBC_256_CML])
+               {
+               for (j=0; j<SIZE_NUM; j++)
+                       {
+                       print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
+                       Time_F(START);
+                       for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
+                               Camellia_cbc_encrypt(buf,buf,
+                                       (unsigned long)lengths[j],&camellia_ks3,
+                                       iv,CAMELLIA_ENCRYPT);
+                       d=Time_F(STOP);
+                       print_result(D_CBC_256_CML,j,count,d);
+                       }
+               }
+
 #endif
 #ifndef OPENSSL_NO_IDEA
        if (doit[D_CBC_IDEA])
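Review bot: The three blocks at L1105-L1146 differ only in the algorithm index and the key schedule, so one loop driven by two small arrays keeps the `names`/`c`/`print_result` index and the key from going out of step when the block is next copied for another key size. The key schedules are automatics of MAIN (declared at L986 in an earlier hunk), so the pointer array is filled by assignment rather than a static initializer. If the AES blocks above follow the same copy-and-paste shape they could share the mechanism, but that is outside this hunk.
```c
#ifndef OPENSSL_NO_CAMELLIA
	{
	static const int cml_alg[3] = { D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML };
	CAMELLIA_KEY *cml_ks[3];
	int k;

	cml_ks[0] = &camellia_ks1;
	cml_ks[1] = &camellia_ks2;
	cml_ks[2] = &camellia_ks3;
	for (k = 0; k < 3; k++)
		{
		if (!doit[cml_alg[k]])
			continue;
		for (j=0; j<SIZE_NUM; j++)
			{
			print_message(names[cml_alg[k]],c[cml_alg[k]][j],lengths[j]);
			Time_F(START);
			for (count=0,run=1; COND(c[cml_alg[k]][j]); count++)
				Camellia_cbc_encrypt(buf,buf,
					(unsigned long)lengths[j],cml_ks[k],
					iv,CAMELLIA_ENCRYPT);
			d=Time_F(STOP);
			print_result(cml_alg[k],j,count,d);
			}
		}
	}
#endif
```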
@@ -2522,6 +2623,7 @@ static void print_result(int alg,int run_no,int count,double time_used)
        results[alg][run_no]=((double)count)/time_used*lengths[run_no];
        }
 
+#ifdef HAVE_FORK
 static char *sstrsep(char **string, const char *delim)
     {
     char isdelim[256];
@@ -2553,7 +2655,6 @@ static char *sstrsep(char **string, const char *delim)
     return token;
     }
 
-#ifdef HAVE_FORK
 static int do_multi(int multi)
        {
        int n;
index 9ffcc9f..e6fc44a 100644 (file)
@@ -119,6 +119,17 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
        unsigned char ecount_buf[AES_BLOCK_SIZE],
        unsigned int *num);
 
+/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                    const unsigned long length, const AES_KEY *key,
+                    unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                       const unsigned long length, const AES_KEY *key,
+                       const AES_KEY *key2, const unsigned char *ivec,
+                       const int enc);
+
 
 #ifdef  __cplusplus
 }
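Review bot: The new prototypes at L1174-L1181 say how long the IV is but not what is done with it or what `length` must satisfy: `ivec` is non-const in `AES_ige_encrypt` and `const` in `AES_bi_ige_encrypt`, which suggests the first updates the IV in place for chaining while the second does not, and nothing states whether `length` must be a multiple of `AES_BLOCK_SIZE`. Spelling that out in the comment, for example `/* length must be a multiple of AES_BLOCK_SIZE; ivec is updated in place */` if that is the contract, lets callers size and reuse buffers correctly. A short note that IGE, like CBC, is an unauthenticated mode and gives no integrity protection would also help callers who reach for it because of the error-propagation property.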
index 410ae2e..3a80e18 100644 (file)
@@ -44,22 +44,14 @@ Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
 Te3[x] = S [x].[01, 01, 03, 02];
-Te4[x] = S [x].[01, 01, 01, 01];
 
 Td0[x] = Si[x].[0e, 09, 0d, 0b];
 Td1[x] = Si[x].[0b, 0e, 09, 0d];
 Td2[x] = Si[x].[0d, 0b, 0e, 09];
 Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01, 01, 01, 01];
+Td4[x] = Si[x].[01];
 */
 
-#ifdef AES_ASM
-extern const u32 AES_Te[5][256];
-#define Te0 AES_Te[0]
-#define Te1 AES_Te[1]
-#define Te2 AES_Te[2]
-#define Te3 AES_Te[3]
-#else
 static const u32 Te0[256] = {
     0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
     0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
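Review bot: Dropping the `#ifdef AES_ASM` / `extern const u32 AES_Te[5][256]` aliasing at L1201-L1207 means Te0-Te3 are now always file-local static tables, so an assembler build that previously shared one table set with the C code gets its own copy of each — assuming aes_core.c is still compiled in that configuration, which the build files (not visible here) decide. A one-line comment above `static const u32 Te0[256]` such as `/* C and assembler implementations no longer share these tables */` would save the next reader from looking for the missing extern. The removed fifth table is explained by the updated header comment, but that link is only visible if one reads both hunks.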
@@ -324,81 +316,7 @@ static const u32 Te3[256] = {
     0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
     0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
 };
-#endif
-static const u32 Te4[256] = {
-    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
-    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
-    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
-    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
-    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
-    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
-    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
-    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
-    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
-    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
-    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
-    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
-    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
-    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
-    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
-    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
-    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
-    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
-    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
-    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
-    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
-    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
-    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
-    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
-    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
-    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
-    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
-    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
-    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
-    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
-    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
-    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
-    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
-    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
-    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
-    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
-    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
-    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
-    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
-    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
-    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
-    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
-    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
-    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
-    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
-    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
-    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
-    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
-    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
-    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
-    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
-    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
-    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
-    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
-    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
-    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
-    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
-    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
-    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
-    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
-    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
-    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
-    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
-    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
-};
 
-#ifdef AES_ASM
-extern const u32 AES_Td[5][256];
-#define Td0 AES_Td[0]
-#define Td1 AES_Td[1]
-#define Td2 AES_Td[2]
-#define Td3 AES_Td[3]
-#else
 static const u32 Td0[256] = {
     0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
     0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@@ -663,72 +581,39 @@ static const u32 Td3[256] = {
     0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
     0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
 };
-#endif
-static const u32 Td4[256] = {
-    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
-    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
-    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
-    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
-    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
-    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
-    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
-    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
-    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
-    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
-    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
-    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
-    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
-    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
-    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
-    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
-    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
-    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
-    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
-    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
-    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
-    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
-    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
-    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
-    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
-    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
-    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
-    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
-    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
-    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
-    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
-    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
-    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
-    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
-    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
-    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
-    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
-    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
-    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
-    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
-    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
-    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
-    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
-    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
-    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
-    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
-    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
-    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
-    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
-    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
-    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
-    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
-    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
-    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
-    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
-    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
-    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
-    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
-    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
-    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
-    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
-    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
-    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
-    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
 };
 static const u32 rcon[] = {
        0x01000000, 0x02000000, 0x04000000, 0x08000000,
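Review bot: `Td4` changes from a `u32` table of lane-replicated bytes to a `u8` table at L1363, so any use site that masked a lane out of the old word — e.g. `Td4[x] & 0xff000000` — now silently yields 0 unless it was rewritten to shift the byte into place, `(u32)Td4[x] << 24`. The decrypt round and final-round uses are outside this hunk; each should be checked against the new element type. The table contents are unchanged (the low byte of each old entry), and lookups remain indexed by data-derived bytes, so the change is a footprint reduction rather than any alteration of the table-driven design's timing behaviour.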
@@ -768,10 +653,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                while (1) {
                        temp  = rk[3];
                        rk[4] = rk[0] ^
-                               (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                               (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                               (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                               (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                               (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                               (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                               (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                               (Te1[(temp >> 24)       ] & 0x000000ff) ^
                                rcon[i];
                        rk[5] = rk[1] ^ rk[4];
                        rk[6] = rk[2] ^ rk[5];
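Review bot: Replacing `Te4` with `Te2`/`Te3`/`Te0`/`Te1` at L1407-L1410 is correct only because of the lane layout in the file's header comment — Te0 = S[x].[02,01,01,03] and friends put an unscaled S[x] in byte 1 of Te0, byte 0 of Te1, byte 3 of Te2 and byte 2 of Te3 — and that is not visible at the use site. A comment before the first `while (1)` such as `/* Te4 was dropped: Te2/Te3/Te0/Te1 each hold S[x] unscaled in the lane the mask below selects */` would make the masks readable. The same pattern recurs at L1422-L1425, L1437-L1440, L1452-L1455 and in AES_set_decrypt_key at L1467-L1470 (`Te1[...] & 0xff`), so one comment near the first occurrence could point to the rest. AES_set_encrypt_key begins outside the hunk.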
@@ -788,10 +673,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                while (1) {
                        temp = rk[ 5];
                        rk[ 6] = rk[ 0] ^
-                               (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                               (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                               (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                               (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                               (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                               (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                               (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                               (Te1[(temp >> 24)       ] & 0x000000ff) ^
                                rcon[i];
                        rk[ 7] = rk[ 1] ^ rk[ 6];
                        rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -810,10 +695,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                while (1) {
                        temp = rk[ 7];
                        rk[ 8] = rk[ 0] ^
-                               (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                               (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                               (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                               (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                               (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                               (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                               (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                               (Te1[(temp >> 24)       ] & 0x000000ff) ^
                                rcon[i];
                        rk[ 9] = rk[ 1] ^ rk[ 8];
                        rk[10] = rk[ 2] ^ rk[ 9];
@@ -823,10 +708,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        }
                        temp = rk[11];
                        rk[12] = rk[ 4] ^
-                               (Te4[(temp >> 24)       ] & 0xff000000) ^
-                               (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                               (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                               (Te4[(temp      ) & 0xff] & 0x000000ff);
+                               (Te2[(temp >> 24)       ] & 0xff000000) ^
+                               (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                               (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                               (Te1[(temp      ) & 0xff] & 0x000000ff);
                        rk[13] = rk[ 5] ^ rk[12];
                        rk[14] = rk[ 6] ^ rk[13];
                        rk[15] = rk[ 7] ^ rk[14];
@@ -865,25 +750,25 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        for (i = 1; i < (key->rounds); i++) {
                rk += 4;
                rk[0] =
-                       Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
-                       Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
-                       Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
-                       Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+                       Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+                       Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
                rk[1] =
-                       Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
-                       Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
-                       Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
-                       Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+                       Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+                       Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
                rk[2] =
-                       Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
-                       Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
-                       Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
-                       Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+                       Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+                       Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
                rk[3] =
-                       Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
-                       Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
-                       Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
-                       Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
+                       Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+                       Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+                       Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+                       Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
        }
        return 0;
 }
@@ -1051,31 +936,31 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
         * map cipher state to byte array block:
         */
        s0 =
-               (Te4[(t0 >> 24)       ] & 0xff000000) ^
-               (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-               (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-               (Te4[(t3      ) & 0xff] & 0x000000ff) ^
+               (Te2[(t0 >> 24)       ] & 0xff000000) ^
+               (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te1[(t3      ) & 0xff] & 0x000000ff) ^
                rk[0];
        PUTU32(out     , s0);
        s1 =
-               (Te4[(t1 >> 24)       ] & 0xff000000) ^
-               (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-               (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-               (Te4[(t0      ) & 0xff] & 0x000000ff) ^
+               (Te2[(t1 >> 24)       ] & 0xff000000) ^
+               (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te1[(t0      ) & 0xff] & 0x000000ff) ^
                rk[1];
        PUTU32(out +  4, s1);
        s2 =
-               (Te4[(t2 >> 24)       ] & 0xff000000) ^
-               (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-               (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-               (Te4[(t1      ) & 0xff] & 0x000000ff) ^
+               (Te2[(t2 >> 24)       ] & 0xff000000) ^
+               (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te1[(t1      ) & 0xff] & 0x000000ff) ^
                rk[2];
        PUTU32(out +  8, s2);
        s3 =
-               (Te4[(t3 >> 24)       ] & 0xff000000) ^
-               (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-               (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-               (Te4[(t2      ) & 0xff] & 0x000000ff) ^
+               (Te2[(t3 >> 24)       ] & 0xff000000) ^
+               (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+               (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+               (Te1[(t2      ) & 0xff] & 0x000000ff) ^
                rk[3];
        PUTU32(out + 12, s3);
 }
@@ -1242,31 +1127,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
         * map cipher state to byte array block:
         */
        s0 =
-               (Td4[(t0 >> 24)       ] & 0xff000000) ^
-               (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-               (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-               (Td4[(t1      ) & 0xff] & 0x000000ff) ^
+               (Td4[(t0 >> 24)       ] << 24) ^
+               (Td4[(t3 >> 16) & 0xff] << 16) ^
+               (Td4[(t2 >>  8) & 0xff] <<  8) ^
+               (Td4[(t1      ) & 0xff])       ^
                rk[0];
        PUTU32(out     , s0);
        s1 =
-               (Td4[(t1 >> 24)       ] & 0xff000000) ^
-               (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-               (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-               (Td4[(t2      ) & 0xff] & 0x000000ff) ^
+               (Td4[(t1 >> 24)       ] << 24) ^
+               (Td4[(t0 >> 16) & 0xff] << 16) ^
+               (Td4[(t3 >>  8) & 0xff] <<  8) ^
+               (Td4[(t2      ) & 0xff])       ^
                rk[1];
        PUTU32(out +  4, s1);
        s2 =
-               (Td4[(t2 >> 24)       ] & 0xff000000) ^
-               (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-               (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-               (Td4[(t3      ) & 0xff] & 0x000000ff) ^
+               (Td4[(t2 >> 24)       ] << 24) ^
+               (Td4[(t1 >> 16) & 0xff] << 16) ^
+               (Td4[(t0 >>  8) & 0xff] <<  8) ^
+               (Td4[(t3      ) & 0xff])       ^
                rk[2];
        PUTU32(out +  8, s2);
        s3 =
-               (Td4[(t3 >> 24)       ] & 0xff000000) ^
-               (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-               (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-               (Td4[(t0      ) & 0xff] & 0x000000ff) ^
+               (Td4[(t3 >> 24)       ] << 24) ^
+               (Td4[(t2 >> 16) & 0xff] << 16) ^
+               (Td4[(t1 >>  8) & 0xff] <<  8) ^
+               (Td4[(t0      ) & 0xff])       ^
                rk[3];
        PUTU32(out + 12, s3);
 }
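Review bot: `(Td4[(t0 >> 24)] << 24)` on the first rewritten line of s0, and the matching `<< 24` terms of s1–s3, shift an integer-promoted `int`; if Td4 is now a byte table, as the dropped `& 0xff000000` masks and the 256-byte Td4 on the assembly side suggest, every inverse-S-box value of 0x80 or above shifted by 24 is not representable in `int`, which C leaves undefined (6.5.7) and `-fsanitize=undefined` reports as such. Two's-complement targets produce the intended bit pattern today, but an optimizer is entitled to assume the case never occurs. Widen before shifting, e.g. `((u32)Td4[(t0 >> 24)] << 24) ^` with the word type aes_locl.h already provides for the state, and for consistency the `<< 16` and `<< 8` terms too. AES_decrypt starts outside this hunk.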
diff --git a/crypto/openssl-0.9/crypto/aes/aes_ige.c b/crypto/openssl-0.9/crypto/aes/aes_ige.c
new file mode 100644 (file)
index 0000000..2082d06
--- /dev/null
@@ -0,0 +1,283 @@
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+    {
+    int n=0;
+
+    fprintf(f,"%s",title);
+    for( ; n < l ; ++n)
+               {
+               if((n%16) == 0)
+                       fprintf(f,"\n%04x",n);
+               fprintf(f," %02x",s[n]);
+               }
+    fprintf(f,"\n");
+    }
+*/
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                                        const unsigned long length, const AES_KEY *key,
+                                        unsigned char *ivec, const int enc)
+       {
+       unsigned long n;
+       unsigned long len = length;
+       unsigned char tmp[AES_BLOCK_SIZE];
+       unsigned char tmp2[AES_BLOCK_SIZE];
+       unsigned char prev[AES_BLOCK_SIZE];
+       const unsigned char *iv = ivec;
+       const unsigned char *iv2 = ivec + AES_BLOCK_SIZE;
+
+       OPENSSL_assert(in && out && key && ivec);
+       OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+       OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+
+       if (AES_ENCRYPT == enc)
+               {
+               /* XXX: Do a separate case for when in != out (strictly should
+                  check for overlap, too) */
+               while (len >= AES_BLOCK_SIZE)
+                       {
+                       /*                      hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] = in[n] ^ iv[n];
+                       /*                      hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */
+                       AES_encrypt(out, out, key);
+                       /*                      hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= iv2[n];
+                       /*                      hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+                       iv = out;
+                       memcpy(prev, in, AES_BLOCK_SIZE);
+                       iv2 = prev;
+                       len -= AES_BLOCK_SIZE;
+                       in += AES_BLOCK_SIZE;
+                       out += AES_BLOCK_SIZE;
+                       }
+               memcpy(ivec, iv, AES_BLOCK_SIZE);
+               memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE);
+               }
+       else
+               {
+               while (len >= AES_BLOCK_SIZE)
+                       {
+                       memcpy(tmp, in, AES_BLOCK_SIZE);
+                       memcpy(tmp2, in, AES_BLOCK_SIZE);
+                       /*                      hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               tmp[n] ^= iv2[n];
+                       /*                      hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */
+                       AES_decrypt(tmp, out, key);
+                       /*                      hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= ivec[n];
+                       /*                      hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
+                       memcpy(ivec, tmp2, AES_BLOCK_SIZE);
+                       iv2 = out;
+                       len -= AES_BLOCK_SIZE;
+                       in += AES_BLOCK_SIZE;
+                       out += AES_BLOCK_SIZE;
+                       }
+               memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE);
+               }
+       }
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                                               const unsigned long length, const AES_KEY *key,
+                                               const AES_KEY *key2, const unsigned char *ivec,
+                                               const int enc)
+       {
+       unsigned long n;
+       unsigned long len = length;
+       unsigned char tmp[AES_BLOCK_SIZE];
+       unsigned char tmp2[AES_BLOCK_SIZE];
+       unsigned char tmp3[AES_BLOCK_SIZE];
+       unsigned char prev[AES_BLOCK_SIZE];
+       const unsigned char *iv;
+       const unsigned char *iv2;
+
+       OPENSSL_assert(in && out && key && ivec);
+       OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+       OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+
+       if (AES_ENCRYPT == enc)
+               {
+               /* XXX: Do a separate case for when in != out (strictly should
+                  check for overlap, too) */
+
+               /* First the forward pass */ 
+               iv = ivec;
+               iv2 = ivec + AES_BLOCK_SIZE;
+               while (len >= AES_BLOCK_SIZE)
+                       {
+                       /*                      hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] = in[n] ^ iv[n];
+                       /*                      hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */
+                       AES_encrypt(out, out, key);
+                       /*                      hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= iv2[n];
+                       /*                      hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+                       iv = out;
+                       memcpy(prev, in, AES_BLOCK_SIZE);
+                       iv2 = prev;
+                       len -= AES_BLOCK_SIZE;
+                       in += AES_BLOCK_SIZE;
+                       out += AES_BLOCK_SIZE;
+                       }
+
+               /* And now backwards */
+               iv = ivec + AES_BLOCK_SIZE*2;
+               iv2 = ivec + AES_BLOCK_SIZE*3;
+               len = length;
+               while(len >= AES_BLOCK_SIZE)
+                       {
+                       out -= AES_BLOCK_SIZE;
+                       /*                      hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+                       /* XXX: reduce copies by alternating between buffers */
+                       memcpy(tmp, out, AES_BLOCK_SIZE);
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= iv[n];
+                       /*                      hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
+                       AES_encrypt(out, out, key);
+                       /*                      hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= iv2[n];
+                       /*                      hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+                       iv = out;
+                       memcpy(prev, tmp, AES_BLOCK_SIZE);
+                       iv2 = prev;
+                       len -= AES_BLOCK_SIZE;
+                       }
+               }
+       else
+               {
+               /* First backwards */
+               iv = ivec + AES_BLOCK_SIZE*2;
+               iv2 = ivec + AES_BLOCK_SIZE*3;
+               in += length;
+               out += length;
+               while (len >= AES_BLOCK_SIZE)
+                       {
+                       in -= AES_BLOCK_SIZE;
+                       out -= AES_BLOCK_SIZE;
+                       memcpy(tmp, in, AES_BLOCK_SIZE);
+                       memcpy(tmp2, in, AES_BLOCK_SIZE);
+                       /*                      hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               tmp[n] ^= iv2[n];
+                       /*                      hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */
+                       AES_decrypt(tmp, out, key);
+                       /*                      hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= iv[n];
+                       /*                      hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
+                       memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+                       iv = tmp3;
+                       iv2 = out;
+                       len -= AES_BLOCK_SIZE;
+                       }
+
+               /* And now forwards */
+               iv = ivec;
+               iv2 = ivec + AES_BLOCK_SIZE;
+               len = length;
+               while (len >= AES_BLOCK_SIZE)
+                       {
+                       memcpy(tmp, out, AES_BLOCK_SIZE);
+                       memcpy(tmp2, out, AES_BLOCK_SIZE);
+                       /*                      hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               tmp[n] ^= iv2[n];
+                       /*                      hexdump(stdout, "out ^ iv2", tmp, AES_BLOCK_SIZE); */
+                       AES_decrypt(tmp, out, key);
+                       /*                      hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
+                       /*                      hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */
+                       for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+                               out[n] ^= iv[n];
+                       /*                      hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
+                       memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+                       iv = tmp3;
+                       iv2 = out;
+                       len -= AES_BLOCK_SIZE;
+                       in += AES_BLOCK_SIZE;
+                       out += AES_BLOCK_SIZE;
+                       }
+
+               }
+       }
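Review bot: With `length == 0` the two IV write-backs at the end of AES_ige_encrypt's encrypt branch copy a buffer onto itself (`iv == ivec` and `iv2 == ivec + AES_BLOCK_SIZE` because the loop never ran), and the decrypt branch's `memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE)` does the same; memcpy between overlapping objects is undefined, so add `if (len == 0) return;` after the three OPENSSL_assert calls. `tmp`, `tmp2`, `prev` and, in AES_bi_ige_encrypt, `tmp3` hold plaintext blocks on the stack and are left there on return; an `OPENSSL_cleanse` of each before returning would avoid handing them to later stack frames. The `length % AES_BLOCK_SIZE == 0` precondition, the two-block (four-block for bi-IGE) IV, and the fact that AES_ige_encrypt updates `ivec` in place while AES_bi_ige_encrypt deliberately does not, belong in a comment above each function rather than only in the `N.B.` lines and the trailing remark about chaining. The commented-out `hexdump` calls in every loop are dead debugging code and should be removed or placed under a debug `#ifdef`.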
index c120623..2774d1c 100755 (executable)
@@ -6,7 +6,7 @@
 # forms are granted according to the OpenSSL license.
 # ====================================================================
 #
-# Version 3.4.
+# Version 3.6.
 #
 # You might fail to appreciate this module performance from the first
 # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
 # stack. This unfortunately has rather strong impact on small block CBC
 # performance, ~2x deterioration on 16-byte block if compared to 3.3.
 #
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
 # Current ECB performance numbers for 128-bit key in CPU cycles per
 # processed byte [measure commonly used by AES benchmarkers] are:
 #
@@ -505,28 +512,27 @@ sub declast()
        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
-                       &mov    ($out,&DWP(2048,$td,$out,4));
-                       &and    ($out,0x000000ff);
+                       &movz   ($out,&DWP(2048,$td,$out,1));
 
        if ($i==3)  {   $tmp=$s[1];                             }
                        &movz   ($tmp,&HB($s[1]));
-                       &mov    ($tmp,&DWP(2048,$td,$tmp,4));
-                       &and    ($tmp,0x0000ff00);
+                       &movz   ($tmp,&DWP(2048,$td,$tmp,1));
+                       &shl    ($tmp,8);
                        &xor    ($out,$tmp);
 
        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
        else        {   mov     ($tmp,$s[2]);                   }
                        &shr    ($tmp,16);
                        &and    ($tmp,0xFF);
-                       &mov    ($tmp,&DWP(2048,$td,$tmp,4));
-                       &and    ($tmp,0x00ff0000);
+                       &movz   ($tmp,&DWP(2048,$td,$tmp,1));
+                       &shl    ($tmp,16);
                        &xor    ($out,$tmp);
 
        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
-                       &mov    ($tmp,&DWP(2048,$td,$tmp,4));
-                       &and    ($tmp,0xff000000);
+                       &movz   ($tmp,&DWP(2048,$td,$tmp,1));
+                       &shl    ($tmp,24);
                        &xor    ($out,$tmp);
        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
        if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
@@ -687,70 +693,38 @@ sub declast()
        &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
        &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
 #Td4:
-       &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
-       &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
-       &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
-       &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
-       &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
-       &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
-       &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
-       &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
-       &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
-       &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
-       &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
-       &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
-       &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
-       &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
-       &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
-       &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
-       &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
-       &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
-       &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
-       &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
-       &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
-       &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
-       &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
-       &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
-       &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
-       &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
-       &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
-       &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
-       &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
-       &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
-       &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
-       &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
-       &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
-       &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
-       &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
-       &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
-       &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
-       &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
-       &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
-       &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
-       &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
-       &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
-       &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
-       &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
-       &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
-       &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
-       &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
-       &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
-       &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
-       &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
-       &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
-       &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
-       &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
-       &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
-       &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
-       &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
-       &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
-       &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
-       &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
-       &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
-       &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
-       &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
-       &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
-       &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
+       &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+       &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+       &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+       &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+       &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+       &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+       &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+       &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+       &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+       &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+       &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+       &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+       &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+       &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+       &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+       &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+       &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+       &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+       &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+       &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+       &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+       &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+       &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+       &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+       &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+       &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+       &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+       &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+       &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+       &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+       &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+       &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
 &function_end_B("_x86_AES_decrypt");
 
 # void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
@@ -770,6 +744,18 @@ sub declast()
        &blindpop("ebp");
        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
 
+       # prefetch Td4
+       &lea    ("ebp",&DWP(2048+128,"ebp"));
+       &mov    ($s0,&DWP(0-128,"ebp"));
+       &mov    ($s1,&DWP(32-128,"ebp"));
+       &mov    ($s2,&DWP(64-128,"ebp"));
+       &mov    ($s3,&DWP(96-128,"ebp"));
+       &mov    ($s0,&DWP(128-128,"ebp"));
+       &mov    ($s1,&DWP(160-128,"ebp"));
+       &mov    ($s2,&DWP(192-128,"ebp"));
+       &mov    ($s3,&DWP(224-128,"ebp"));
+       &lea    ("ebp",&DWP(-2048-128,"ebp"));
+
        &mov    ($s0,&DWP(0,$acc));             # load input data
        &mov    ($s1,&DWP(4,$acc));
        &mov    ($s2,&DWP(8,$acc));
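Review bot: The eight loads following `# prefetch Td4` walk the 256-byte table at 32-byte intervals and discard what they read, which is not obvious from plain `mov` into the state registers that are reloaded from `$acc` immediately afterwards; the comment should say so, e.g. `# touch every 32 bytes of the 256-byte Td4 so the last round's byte loads hit L1; the values are discarded`. The stride presumably assumes 32-byte cache lines, so it is worth stating that a 64-byte-line part is still fully covered, just with twice the necessary loads. The enclosing function continues outside this hunk.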
@@ -805,6 +791,7 @@ my $_ivp=&DWP(36,"esp");    #copy of wparam(4)
 my $_tmp=&DWP(40,"esp");       #volatile variable
 my $ivec=&DWP(44,"esp");       #ivec[16]
 my $aes_key=&DWP(60,"esp");    #copy of aes_key
+my $mark=&DWP(60+240,"esp");   #copy of aes_key->rounds
 
 &public_label("AES_Te");
 &public_label("AES_Td");
@@ -865,18 +852,27 @@ my $aes_key=&DWP(60,"esp");       #copy of aes_key
        &mov    ($_key,$s3);            # save copy of key
        &mov    ($_ivp,$acc);           # save copy of ivp
 
+       &mov    ($mark,0);              # copy of aes_key->rounds = 0;
        if ($compromise) {
                &cmp    ($s2,$compromise);
                &jb     (&label("skip_ecopy"));
        }
-       # copy key schedule to stack
-       &mov    ("ecx",244/4);
+       # do we copy key schedule to stack?
+       &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
+       &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
+       &sub    ($s1,"ebp");
        &mov    ("esi",$s3);
+       &and    ($s1,0xfff);
        &lea    ("edi",$aes_key);
-       &mov    ($_key,"edi");
+       &cmp    ($s1,2048);
+       &jb     (&label("do_ecopy"));
+       &cmp    ($s1,4096-244);
+       &jb     (&label("skip_ecopy"));
        &align  (4);
-       &data_word(0xF689A5F3); # rep movsd
-       &set_label("skip_ecopy") if ($compromise);
+       &set_label("do_ecopy");
+               &mov    ($_key,"edi");
+               &data_word(0xA5F3F689); # rep movsd
+       &set_label("skip_ecopy");
 
        &mov    ($acc,$s0);
        &mov    ($key,16);
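Review bot: The rule behind `# do we copy key schedule to stack?` at L2085 is not written down, and the two `cmp`/`jb` pairs at L2093–L2096 cannot be understood without it: apparently the copy is made when `(key - AES_Te) & 0xfff` is below 2048 or above 4096-244, i.e. whenever the 244-byte schedule could share 4K-aliased cache sets with the table, and skipped otherwise. I would replace the comment with `# copy the schedule to the stack only if it may alias AES_Te modulo 4096 (distance < 2048 or within 244 bytes of wrapping); $mark (rounds field) stays 0 when we skip`. The same sequence is duplicated in the decrypt path (hunk at L2161–L2197) with the threshold 2048+256 and the `do_dcopy`/`skip_dcopy` labels; a small helper sub taking the table span and label prefix would keep the two copies in step. The enclosing function starts outside this hunk.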
@@ -942,18 +938,16 @@ my $aes_key=&DWP(60,"esp");       #copy of aes_key
        &mov    (&DWP(8,$acc),$s2);
        &mov    (&DWP(12,$acc),$s3);
 
+       &cmp    ($mark,0);              # was the key schedule copied?
        &mov    ("edi",$_key);
        &mov    ("esp",$_esp);
-       if ($compromise) {
-               &cmp    (&wparam(2),$compromise);
-               &jb     (&label("skip_ezero"));
-       }
+       &je     (&label("skip_ezero"));
        # zero copy of key schedule
        &mov    ("ecx",240/4);
        &xor    ("eax","eax");
        &align  (4);
-       &data_word(0xF689ABF3); # rep stosd
-       &set_label("skip_ezero") if ($compromise);
+       &data_word(0xABF3F689); # rep stosd
+       &set_label("skip_ezero")
        &popf   ();
     &set_label("enc_out");
        &function_end_A();
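Review bot: `&set_label("skip_ezero")` at L2126 has no trailing semicolon, so Perl parses it together with the next line as the bitwise expression `set_label(...) & popf()`; it happens to emit the right code only because the left operand is evaluated first. The same omission is at L2240 in the decrypt hunk (L2216–L2242); both should read `&set_label("skip_ezero");` / `&set_label("skip_dzero");`. The `&cmp($mark,0)` at L2111 also deserves a comment, since it must stay ahead of the `%esp` restore: `# $mark is %esp-relative, so test it before restoring %esp; the movs preserve the flags for the je below`.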
@@ -968,7 +962,7 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key
        &cmp    ($key,$acc);                    # compare with inp
        &je     (&label("enc_in_place"));
        &align  (4);
-       &data_word(0xF689A4F3); # rep movsb     # copy input
+       &data_word(0xA4F3F689); # rep movsb     # copy input
        &jmp    (&label("enc_skip_in_place"));
     &set_label("enc_in_place");
        &lea    ($key,&DWP(0,$key,$s2));
@@ -976,7 +970,7 @@ my $aes_key=&DWP(60,"esp"); #copy of aes_key
        &mov    ($s2,$s1);
        &xor    ($s0,$s0);
        &align  (4);
-       &data_word(0xF689AAF3); # rep stosb     # zero tail
+       &data_word(0xAAF3F689); # rep stosb     # zero tail
        &pop    ($key);                         # pop ivp
 
        &mov    ($acc,$_out);                   # output as input
@@ -996,10 +990,10 @@ my $aes_key=&DWP(60,"esp");       #copy of aes_key
 
        # ... and make sure it doesn't alias with AES_Td modulo 4096
        &mov    ($s0,"ebp");
-       &lea    ($s1,&DWP(3072,"ebp"));
+       &lea    ($s1,&DWP(2048+256,"ebp"));
        &mov    ($s3,$key);
        &and    ($s0,0xfff);            # s = %ebp&0xfff
-       &and    ($s1,0xfff);            # e = (%ebp+3072)&0xfff
+       &and    ($s1,0xfff);            # e = (%ebp+2048+256)&0xfff
        &and    ($s3,0xfff);            # p = %esp&0xfff
 
        &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
@@ -1030,21 +1024,30 @@ my $aes_key=&DWP(60,"esp");     #copy of aes_key
        &mov    ($_key,$s3);            # save copy of key
        &mov    ($_ivp,$acc);           # save copy of ivp
 
+       &mov    ($mark,0);              # copy of aes_key->rounds = 0;
        if ($compromise) {
                &cmp    ($s2,$compromise);
                &jb     (&label("skip_dcopy"));
        }
-       # copy key schedule to stack
-       &mov    ("ecx",244/4);
+       # do we copy key schedule to stack?
+       &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
+       &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
+       &sub    ($s1,"ebp");
        &mov    ("esi",$s3);
+       &and    ($s1,0xfff);
        &lea    ("edi",$aes_key);
-       &mov    ($_key,"edi");
+       &cmp    ($s1,2048+256);
+       &jb     (&label("do_dcopy"));
+       &cmp    ($s1,4096-244);
+       &jb     (&label("skip_dcopy"));
        &align  (4);
-       &data_word(0xF689A5F3); # rep movsd
-       &set_label("skip_dcopy") if ($compromise);
+       &set_label("do_dcopy");
+               &mov    ($_key,"edi");
+               &data_word(0xA5F3F689); # rep movsd
+       &set_label("skip_dcopy");
 
        &mov    ($acc,$s0);
-       &mov    ($key,24);
+       &mov    ($key,18);
        &align  (4);
        &set_label("prefetch_td");
                &mov    ($s0,&DWP(0,"ebp"));
@@ -1054,7 +1057,7 @@ my $aes_key=&DWP(60,"esp");       #copy of aes_key
                &lea    ("ebp",&DWP(128,"ebp"));
                &dec    ($key);
        &jnz    (&label("prefetch_td"));
-       &sub    ("ebp",3072);
+       &sub    ("ebp",2048+256);
 
        &cmp    ($acc,$_out);
        &je     (&label("dec_in_place"));       # in-place processing...
@@ -1121,7 +1124,7 @@ my $aes_key=&DWP(60,"esp");       #copy of aes_key
        &lea    ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
        &mov    ($acc eq "esi" ? $acc : "",$key);
        &mov    ($key eq "edi" ? $key : "",$_out);      # load out
-       &data_word(0xF689A4F3); # rep movsb             # copy output
+       &data_word(0xA4F3F689); # rep movsb             # copy output
        &mov    ($key,$_inp);                           # use inp as temp ivp
        &jmp    (&label("dec_end"));
 
@@ -1188,22 +1191,20 @@ my $aes_key=&DWP(60,"esp");     #copy of aes_key
        &lea    ($key,&DWP(0,$key,$s2));
        &lea    ($acc,&DWP(16,$acc,$s2));
        &neg    ($s2 eq "ecx" ? $s2 : "");
-       &data_word(0xF689A4F3); # rep movsb     # restore tail
+       &data_word(0xA4F3F689); # rep movsb     # restore tail
 
     &align     (4);
     &set_label("dec_out");
+    &cmp       ($mark,0);              # was the key schedule copied?
     &mov       ("edi",$_key);
     &mov       ("esp",$_esp);
-    if ($compromise) {
-       &cmp    (&wparam(2),$compromise);
-       &jb     (&label("skip_dzero"));
-    }
+    &je                (&label("skip_dzero"));
     # zero copy of key schedule
     &mov       ("ecx",240/4);
     &xor       ("eax","eax");
     &align     (4);
-    &data_word(0xF689ABF3);    # rep stosd
-    &set_label("skip_dzero") if ($compromise);
+    &data_word(0xABF3F689);    # rep stosd
+    &set_label("skip_dzero")
     &popf      ();
 &function_end("AES_cbc_encrypt");
 }
index 3e65314..a36356e 100644 (file)
@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
@@ -83,10 +84,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 
 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
        {
-       int i,first,len=0,c;
-       char tmp[24];
+       int i,first,len=0,c, use_bn;
+       char ftmp[24], *tmp = ftmp;
+       int tmpsize = sizeof ftmp;
        const char *p;
        unsigned long l;
+       BIGNUM *bl = NULL;
 
        if (num == 0)
                return(0);
@@ -98,7 +101,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
        num--;
        if ((c >= '0') && (c <= '2'))
                {
-               first=(c-'0')*40;
+               first= c-'0';
                }
        else
                {
@@ -122,6 +125,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                        goto err;
                        }
                l=0;
+               use_bn = 0;
                for (;;)
                        {
                        if (num <= 0) break;
@@ -134,7 +138,22 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                       l=l*10L+(long)(c-'0');
+                       if (!use_bn && l > (ULONG_MAX / 10L))
+                               {
+                               use_bn = 1;
+                               if (!bl)
+                                       bl = BN_new();
+                               if (!bl || !BN_set_word(bl, l))
+                                       goto err;
+                               }
+                       if (use_bn)
+                               {
+                               if (!BN_mul_word(bl, 10L)
+                                       || !BN_add_word(bl, c-'0'))
+                                       goto err;
+                               }
+                       else
+                               l=l*10L+(long)(c-'0');
                        }
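Review bot: The guard `l > (ULONG_MAX / 10L)` at L2290 lets `l == ULONG_MAX / 10` through, and for that value `l*10L + (c-'0')` at L2305 wraps whenever the digit exceeds `ULONG_MAX % 10` (5 on the usual 32- and 64-bit platforms). The `l += (long)first*40` in the next hunk (L2320) can wrap the same way when `l` is within 80 of `ULONG_MAX`. Unsigned wraparound is silent, so the result is a wrong OID encoding rather than a crash. Switching to the BIGNUM path one step earlier with headroom for both the next digit and the `+first*40` closes both cases: `if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))`. a2d_ASN1_OBJECT starts and ends outside this hunk.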
                if (len == 0)
                        {
@@ -143,14 +162,42 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
                                goto err;
                                }
-                       l+=(long)first;
+                       if (use_bn)
+                               {
+                               if (!BN_add_word(bl, first * 40))
+                                       goto err;
+                               }
+                       else
+                               l+=(long)first*40;
                        }
                i=0;
-               for (;;)
+               if (use_bn)
                        {
-                       tmp[i++]=(unsigned char)l&0x7f;
-                       l>>=7L;
-                       if (l == 0L) break;
+                       int blsize;
+                       blsize = BN_num_bits(bl);
+                       blsize = (blsize + 6)/7;
+                       if (blsize > tmpsize)
+                               {
+                               if (tmp != ftmp)
+                                       OPENSSL_free(tmp);
+                               tmpsize = blsize + 32;
+                               tmp = OPENSSL_malloc(tmpsize);
+                               if (!tmp)
+                                       goto err;
+                               }
+                       while(blsize--)
+                               tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+                       }
+               else
+                       {
+                                       
+                       for (;;)
+                               {
+                               tmp[i++]=(unsigned char)l&0x7f;
+                               l>>=7L;
+                               if (l == 0L) break;
+                               }
+
                        }
                if (out != NULL)
                        {
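Review bot: The result of `BN_div_word(bl, 0x80L)` at L2342 is cast straight to `unsigned char` without a failure check; as far as I recall BN_div_word signals an error with `(BN_ULONG)-1`, which this cast would silently turn into the byte 0xff. With a non-zero divisor and a valid `bl` a failure is unlikely, but since every other BN_* call in this function jumps to `err`, a short comment stating why this one is exempt, or a check on the returned word, would keep the error handling uniform. Line L2346 is a whitespace-only line left inside the `else` block and can go.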
@@ -166,8 +213,16 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                else
                        len+=i;
                }
+       if (tmp != ftmp)
+               OPENSSL_free(tmp);
+       if (bl)
+               BN_free(bl);
        return(len);
 err:
+       if (tmp != ftmp)
+               OPENSSL_free(tmp);
+       if (bl)
+               BN_free(bl);
        return(0);
        }
 
@@ -178,14 +233,24 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 
 int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
        {
-       char buf[80];
+       char buf[80], *p = buf;
        int i;
 
        if ((a == NULL) || (a->data == NULL))
                return(BIO_write(bp,"NULL",4));
        i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-       if (i > (int)sizeof(buf)) i=sizeof buf;
-       BIO_write(bp,buf,i);
+       if (i > (int)(sizeof(buf) - 1))
+               {
+               p = OPENSSL_malloc(i + 1);
+               if (!p)
+                       return -1;
+               i2t_ASN1_OBJECT(p,i + 1,a);
+               }
+       if (i <= 0)
+               return BIO_write(bp, "<INVALID>", 9);
+       BIO_write(bp,p,i);
+       if (p != buf)
+               OPENSSL_free(p);
        return(i);
        }
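Review bot: The second `i2t_ASN1_OBJECT(p,i + 1,a)` at L2392 discards its return value, and `BIO_write(bp,p,i)` at L2396 then trusts the first call's length; `OPENSSL_malloc` does not zero the buffer, so if the two calls ever disagree the write could include uninitialised bytes. Capturing it, `i = i2t_ASN1_OBJECT(p, i + 1, a);`, lets the following `i <= 0` check cover the second call too. The return value of `BIO_write` at L2396 is also ignored, so the function reports success (`i`) even when the write fails, while the `"NULL"` and `"<INVALID>"` paths return BIO_write's own result.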
 
index 45fe4bd..fc743c2 100644 (file)
@@ -194,6 +194,8 @@ static int do_buf(unsigned char *buf, int buflen,
                        if(i < 0) return -1;    /* Invalid UTF8String */
                        p += i;
                        break;
+                       default:
+                       return -1;      /* invalid width */
                }
                if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
                if(type & BUF_TYPE_CONVUTF8) {
@@ -356,12 +358,13 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR
        }
 
        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-       if(outlen < 0) return -1;
+       if(len < 0) return -1;
        outlen += len;
        if(quotes) outlen += 2;
        if(!arg) return outlen;
        if(quotes && !io_ch(arg, "\"", 1)) return -1;
-       do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
+       if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+               return -1;
        if(quotes && !io_ch(arg, "\"", 1)) return -1;
        return outlen;
 }
index 2819678..30f1eec 100644 (file)
@@ -149,6 +149,7 @@ extern "C" {
 #define B_ASN1_UTF8STRING      0x2000
 #define B_ASN1_UTCTIME         0x4000
 #define B_ASN1_GENERALIZEDTIME 0x8000
+#define B_ASN1_SEQUENCE                0x10000
 
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG          0x1000
@@ -594,6 +595,7 @@ typedef struct BIT_STRING_BITNAME_st {
                        B_ASN1_UNIVERSALSTRING|\
                        B_ASN1_BMPSTRING|\
                        B_ASN1_UTF8STRING|\
+                       B_ASN1_SEQUENCE|\
                        B_ASN1_UNKNOWN
 
 #define B_ASN1_DIRECTORYSTRING \
@@ -1045,7 +1047,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_I2D_FP                              117
 #define ASN1_F_ASN1_INTEGER_SET                                 118
 #define ASN1_F_ASN1_INTEGER_TO_BN                       119
-#define ASN1_F_ASN1_ITEM_D2I_FP                                 190
+#define ASN1_F_ASN1_ITEM_D2I_FP                                 206
 #define ASN1_F_ASN1_ITEM_DUP                            191
 #define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW                         121
 #define ASN1_F_ASN1_ITEM_EX_D2I                                 120
index bef2519..c672d2e 100644 (file)
@@ -123,7 +123,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),        "ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),   "ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),     "ASN1_TEMPLATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),       "ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET),       "ASN1_TIME_SET"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),       "ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),   "ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),  "ASN1_unpack_string"},
@@ -168,10 +168,10 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),     "OID_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),       "PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),      "PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),       "PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),       "PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),       "X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),       "X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW),       "X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),       "X509_CRL_ADD0_REVOKED"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW),       "X509_INFO_NEW"},
 {ERR_FUNC(ASN1_F_X509_NAME_ENCODE),    "X509_NAME_ENCODE"},
 {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),    "X509_NAME_EX_D2I"},
 {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),    "X509_NAME_EX_NEW"},
index e6e04a1..26c8327 100644 (file)
@@ -658,6 +658,8 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
                        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
                        goto bad_form;
                        }
+               vtmp.name = NULL;
+               vtmp.section = NULL;
                vtmp.value = (char *)str;
                if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
                        {
index 37aa6b4..501b62a 100644 (file)
@@ -88,7 +88,10 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
        else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
                BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
-       else p = ASN1_tag2str(tag);
+       else if (tag > 30)
+               BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
+       else
+               p = ASN1_tag2str(tag);
 
        if (p2 != NULL)
                {
index f882161..afb95d6 100644 (file)
@@ -109,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
        char str[128];
        const char *s;
        unsigned char *m=NULL;
-       int ret=0;
+       int ret=0, mod_len = 0;
        size_t buf_len=0, i;
 
        if (x->n)
@@ -143,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off)
                goto err;
                }
 
+       if (x->n != NULL)
+               mod_len = BN_num_bits(x->n);
+
        if (x->d != NULL)
                {
                if(!BIO_indent(bp,off,128))
                   goto err;
-               if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+               if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
                        <= 0) goto err;
                }
 
        if (x->d == NULL)
-               BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+               BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
        else
                BUF_strlcpy(str,"modulus:",sizeof str);
        if (!print(bp,str,x->n,m,off)) goto err;
        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-       if (!print(bp,s,x->e,m,off)) goto err;
-       if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
-       if (!print(bp,"prime1:",x->p,m,off)) goto err;
-       if (!print(bp,"prime2:",x->q,m,off)) goto err;
-       if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
-       if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
-       if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+       if ((x->e != NULL) && !print(bp,s,x->e,m,off))
+               goto err;
+       if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
+               goto err;
+       if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
+               goto err;
+       if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
+               goto err;
+       if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
+               goto err;
+       if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
+               goto err;
+       if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
+               goto err;
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
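Review bot: `print(bp,str,x->n,m,off)` at L2532 still passes `x->n` unguarded, while the sibling calls at L2541–L2554 now test each field for NULL first and `mod_len` at L2515 already treats `x->n == NULL` as a valid state. Unless `print()` is known to tolerate a NULL BIGNUM (its body is outside this hunk), the same guard is needed: `if ((x->n != NULL) && !print(bp,str,x->n,m,off)) goto err;`. RSA_print starts outside this hunk.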
@@ -740,7 +750,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
                buf_len = (size_t)BN_num_bytes(x->p);
        else
                {
-               DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
+               DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
                goto err;
                }
        if (x->q)
@@ -752,7 +762,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
        if (m == NULL)
                {
-               DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+               DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
                goto err;
                }
 
@@ -760,8 +770,8 @@ int DSAparams_print(BIO *bp, const DSA *x)
                BN_num_bits(x->p)) <= 0)
                goto err;
        if (!print(bp,"p:",x->p,m,4)) goto err;
-       if (!print(bp,"q:",x->q,m,4)) goto err;
-       if (!print(bp,"g:",x->g,m,4)) goto err;
+       if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
+       if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
index 2b9c256..0294d8e 100644 (file)
@@ -98,7 +98,7 @@ static unsigned long tag2bit[32] = {
 B_ASN1_OCTET_STRING,   0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,        B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,     0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,                               /* tags 23-24 */ 
 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
@@ -158,7 +158,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
        const ASN1_EXTERN_FUNCS *ef;
        const ASN1_AUX *aux = it->funcs;
        ASN1_aux_cb *asn1_cb;
-       const unsigned char *p, *q;
+       const unsigned char *p = NULL, *q;
        unsigned char *wp=NULL; /* BIG FAT WARNING!  BREAKS CONST WHERE USED */
        unsigned char imphack = 0, oclass;
        char seq_eoc, seq_nolen, cst, isopt;
@@ -283,6 +283,12 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                        {
                        wp = *(unsigned char **)in;
                        imphack = *wp;
+                       if (p == NULL)
+                               {
+                               ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                       ERR_R_NESTED_ASN1_ERROR);
+                               goto err;
+                               }
                        *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
                                                                | it->utype);
                        }
@@ -872,7 +878,10 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                 * for UNIVERSAL class and ignore the tag.
                 */
                if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+                       {
+                       free_cont = 1;
                        goto err;
+                       }
                len = buf.length;
                /* Append a final null to string */
                if (!BUF_MEM_grow_clean(&buf, len + 1))
@@ -924,6 +933,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                if (!*pval)
                        {
                        typ = ASN1_TYPE_new();
+                       if (typ == NULL)
+                               goto err;
                        *pval = (ASN1_VALUE *)typ;
                        }
                else
@@ -1167,7 +1178,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
                        return 0;
 #endif
                        }
-               else if (!collect_data(buf, &p, plen))
+               else if (plen && !collect_data(buf, &p, plen))
                        return 0;
                len -= p - q;
                }
index 0f950db..25c94aa 100644 (file)
@@ -618,11 +618,14 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
                tbool = (ASN1_BOOLEAN *)pval;
                if (*tbool == -1)
                        return -1;
-               /* Default handling if value == size field then omit */
-               if (*tbool && (it->size > 0))
-                       return -1;
-               if (!*tbool && !it->size)
-                       return -1;
+               if (it->utype != V_ASN1_ANY)
+                       {
+                       /* Default handling if value == size field then omit */
+                       if (*tbool && (it->size > 0))
+                               return -1;
+                       if (!*tbool && !it->size)
+                               return -1;
+                       }
                c = (unsigned char)*tbool;
                cont = &c;
                len = 1;
index 7f49ccb..07333cf 100644 (file)
@@ -676,17 +676,20 @@ void BIO_copy_next_retry(BIO *b);
 
 /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
-#ifndef __GNUC__
-#define __attribute__(x)
+#ifdef __GNUC__
+#  define __bio_h__attr__ __attribute__
+#else
+#  define __bio_h__attr__(x)
 #endif
 int BIO_printf(BIO *bio, const char *format, ...)
-       __attribute__((__format__(__printf__,2,3)));
+       __bio_h__attr__((__format__(__printf__,2,3)));
 int BIO_vprintf(BIO *bio, const char *format, va_list args)
-       __attribute__((__format__(__printf__,2,0)));
+       __bio_h__attr__((__format__(__printf__,2,0)));
 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-       __attribute__((__format__(__printf__,3,4)));
+       __bio_h__attr__((__format__(__printf__,3,4)));
 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-       __attribute__((__format__(__printf__,3,0)));
+       __bio_h__attr__((__format__(__printf__,3,0)));
+#undef __bio_h__attr__
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
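Review bot: The temporary macro name `__bio_h__attr__` at L2677–L2693 begins with a double underscore, which C reserves for the implementation (the old code's redefinition of `__attribute__` itself was worse, so the scoped define plus `#undef` is the right direction). A name in the project's own namespace, e.g. `BIO_H_ATTR`, avoids any clash with a compiler-provided identifier; the `#undef` at L2693 keeps the header tidy either way.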
index 0c41b1b..c147278 100644 (file)
@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
                break;
        case BIO_C_DO_STATE_MACHINE:
                /* use this one to start the connection */
-               if (!(data->state != BIO_CONN_S_OK))
+               if (data->state != BIO_CONN_S_OK)
                        ret=(long)conn_state(b,data);
                else
                        ret=1;
index ad4b301..b277367 100644 (file)
@@ -128,7 +128,10 @@ BIO *BIO_new_file(const char *filename, const char *mode)
                return(NULL);
                }
        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+               {
+               fclose(file);
                return(NULL);
+               }
 
        BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
        BIO_set_fp(ret,file,BIO_CLOSE);
index 7378344..f13f52d 100644 (file)
@@ -1,3 +1,6 @@
+#ifdef __SUNPRO_C
+# include "../bn_asm.c"        /* kind of dirty hack for Sun Studio */
+#else
 /*
  * x86_64 BIGNUM accelerator version 0.1, December 2002.
  *
@@ -591,3 +594,4 @@ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
        r[6]=c1;
        r[7]=c2;
        }
+#endif
index 03ebd50..95c5d64 100644 (file)
@@ -412,9 +412,15 @@ int        BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int    BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int    BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int    BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-/* BN_set_negative(): sets sign of a bignum */
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise 
+ */
 void   BN_set_negative(BIGNUM *b, int n);
-/* BN_get_negative():  returns 1 if the bignum is < 0 and 0 otherwise */
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  a  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
 #define BN_is_negative(a) ((a)->neg != 0)
 
 int    BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
index 2af6540..6a79385 100644 (file)
@@ -1080,7 +1080,8 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
        BN_zero(a);
        for (i = 0; p[i] != 0; i++)
                {
-               BN_set_bit(a, p[i]);
+               if (BN_set_bit(a, p[i]) == 0)
+                       return 0;
                }
        BN_set_bit(a, 0);
        bn_check_top(a);
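Review bot: `BN_set_bit(a, 0)` at L2760 is still unchecked, while the loop call at L2757 now returns 0 on failure; a failure there would leave `a` without its constant term and the function reporting success. It should follow the new pattern: `if (BN_set_bit(a, 0) == 0) return 0;`. BN_GF2m_arr2poly ends outside this hunk.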
index 82af91f..961ca67 100644 (file)
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 /*
  * Details about Montgomery multiplication algorithms can be found at
@@ -353,18 +406,32 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
                                        const BIGNUM *mod, BN_CTX *ctx)
        {
-       if (*pmont)
-               return *pmont;
-       CRYPTO_w_lock(lock);
+       int got_write_lock = 0;
+       BN_MONT_CTX *ret;
+
+       CRYPTO_r_lock(lock);
        if (!*pmont)
                {
-               *pmont = BN_MONT_CTX_new();
-               if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+               CRYPTO_r_unlock(lock);
+               CRYPTO_w_lock(lock);
+               got_write_lock = 1;
+
+               if (!*pmont)
                        {
-                       BN_MONT_CTX_free(*pmont);
-                       *pmont = NULL;
+                       ret = BN_MONT_CTX_new();
+                       if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
+                               BN_MONT_CTX_free(ret);
+                       else
+                               *pmont = ret;
                        }
                }
-       CRYPTO_w_unlock(lock);
-       return *pmont;
+       
+       ret = *pmont;
+       
+       if (got_write_lock)
+               CRYPTO_w_unlock(lock);
+       else
+               CRYPTO_r_unlock(lock);
+               
+       return ret;
        }
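Review bot: The failure handling in the inner `if (!*pmont)` branch is harder to read than it needs to be: when `BN_MONT_CTX_new()` returns NULL the `else` arm still runs and stores NULL into `*pmont`, which is harmless only because it was already NULL, and the intent (publish only a fully initialised context) is never stated. Inverting the condition makes the success case explicit: `if (ret != NULL && BN_MONT_CTX_set(ret, mod, ctx)) *pmont = ret; else BN_MONT_CTX_free(ret);` — this presumes `BN_MONT_CTX_free` accepts NULL, which is not visible in this hunk and should be confirmed in bn_mont.c. A short comment above `CRYPTO_r_lock(lock);`, e.g. `/* Take the read lock first; upgrade to the write lock only if the context still needs creating, and re-test under it because another thread may have created it while we held no lock. */`, would document why the pointer is tested twice. The new blank lines near the end of the hunk also carry trailing whitespace.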
index d03403a..d57f658 100644 (file)
@@ -258,7 +258,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 
        /* first look for small factors */
        if (!BN_is_odd(a))
-               return 0;
+               /* a is even => a is prime if and only if a == 2 */
+               return BN_is_word(a, 2);
        if (do_trial_division)
                {
                for (i = 1; i < NUMPRIMES; i++)
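Review bot: The new comment sits between `if (!BN_is_odd(a))` and its single unbraced statement, which is exactly the shape where a later edit adds a second line and silently changes control flow; brace the body: `if (!BN_is_odd(a)) { /* a is even => a is prime if and only if a == 2 */ return BN_is_word(a, 2); }`. The fix itself is consistent with the trial-division loop that follows, which starts at index 1 and so never tests 2, meaning this early return is the only place 2 is classified as prime. The body of BN_is_prime_fasttest_ex continues outside the hunk, so whether zero or negative values of `a` are rejected before this point cannot be checked here.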
diff --git a/crypto/openssl-0.9/crypto/camellia/camellia.c b/crypto/openssl-0.9/crypto/camellia/camellia.c
new file mode 100644 (file)
index 0000000..6350546
--- /dev/null
@@ -0,0 +1,1688 @@
+/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* Algorithm Specification 
+   http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+*/
+
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "camellia.h"
+#include "cmll_locl.h"
+
+/*
+ * must be defined uint32_t
+ */
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ *  macros
+ */
+
+/* e is pointer of subkey */
+#ifdef L_ENDIAN
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2 + 1])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2])
+
+#else /* big endian */
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+#endif /* IS_LITTLE_ENDIAN */
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits)   \
+do                                                     \
+       {                                               \
+       w0 = ll;                                        \
+       ll = (ll << bits) + (lr >> (32 - bits));        \
+       lr = (lr << bits) + (rl >> (32 - bits));        \
+       rl = (rl << bits) + (rr >> (32 - bits));        \
+       rr = (rr << bits) + (w0 >> (32 - bits));        \
+       } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits)        \
+do                                                     \
+       {                                               \
+       w0 = ll;                                        \
+       w1 = lr;                                        \
+       ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+       lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+       rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+       rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+       } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)             \
+do                                                                     \
+       {                                                               \
+       il = xl ^ kl;                                                   \
+       ir = xr ^ kr;                                                   \
+       t0 = il >> 16;                                                  \
+       t1 = ir >> 16;                                                  \
+       yl = CAMELLIA_SP1110(ir & 0xff)                                 \
+               ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                     \
+               ^ CAMELLIA_SP3033(t1 & 0xff)                            \
+               ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                    \
+       yr = CAMELLIA_SP1110((t0 >> 8) & 0xff)                          \
+               ^ CAMELLIA_SP0222(t0 & 0xff)                            \
+               ^ CAMELLIA_SP3033((il >> 8) & 0xff)                     \
+               ^ CAMELLIA_SP4404(il & 0xff);                           \
+       yl ^= yr;                                                       \
+       yr = CAMELLIA_RR8(yr);                                          \
+       yr ^= yl;                                                       \
+       } while(0)
+
+
+/*
+ * for speed up
+ *
+ */
+#if !defined(_MSC_VER)
+
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+do                                                                     \
+       {                                                               \
+       t0 = kll;                                                       \
+       t2 = krr;                                                       \
+       t0 &= ll;                                                       \
+       t2 |= rr;                                                       \
+       rl ^= t2;                                                       \
+       lr ^= CAMELLIA_RL1(t0);                                         \
+       t3 = krl;                                                       \
+       t1 = klr;                                                       \
+       t3 &= rl;                                                       \
+       t1 |= lr;                                                       \
+       ll ^= t1;                                                       \
+       rr ^= CAMELLIA_RL1(t3);                                         \
+       } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)       \
+do                                                                     \
+       {                                                               \
+       ir =  CAMELLIA_SP1110(xr & 0xff);                               \
+       il =  CAMELLIA_SP1110((xl>>24) & 0xff);                         \
+       ir ^= CAMELLIA_SP0222((xr>>24) & 0xff);                         \
+       il ^= CAMELLIA_SP0222((xl>>16) & 0xff);                         \
+       ir ^= CAMELLIA_SP3033((xr>>16) & 0xff);                         \
+       il ^= CAMELLIA_SP3033((xl>>8) & 0xff);                          \
+       ir ^= CAMELLIA_SP4404((xr>>8) & 0xff);                          \
+       il ^= CAMELLIA_SP4404(xl & 0xff);                               \
+       il ^= kl;                                                       \
+       ir ^= il ^ kr;                                                  \
+       yl ^= ir;                                                       \
+       yr ^= CAMELLIA_RR8(il) ^ ir;                                    \
+       } while(0)
+
+#else /* for MS-VC */
+
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+do                                                                     \
+       {                                                               \
+       t0 = kll;                                                       \
+       t0 &= ll;                                                       \
+       lr ^= CAMELLIA_RL1(t0);                                         \
+       t1 = klr;                                                       \
+       t1 |= lr;                                                       \
+       ll ^= t1;                                                       \
+                                                                       \
+       t2 = krr;                                                       \
+       t2 |= rr;                                                       \
+       rl ^= t2;                                                       \
+       t3 = krl;                                                       \
+       t3 &= rl;                                                       \
+       rr ^= CAMELLIA_RL1(t3);                                         \
+       } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1)       \
+do                                                                     \
+       {                                                               \
+       il = xl;                                                        \
+       ir = xr;                                                        \
+       t0 = il >> 16;                                                  \
+       t1 = ir >> 16;                                                  \
+       ir = CAMELLIA_SP1110(ir & 0xff)                                 \
+               ^ CAMELLIA_SP0222((t1 >> 8) & 0xff)                     \
+               ^ CAMELLIA_SP3033(t1 & 0xff)                            \
+               ^ CAMELLIA_SP4404((ir >> 8) & 0xff);                    \
+       il = CAMELLIA_SP1110((t0 >> 8) & 0xff)                          \
+               ^ CAMELLIA_SP0222(t0 & 0xff)                            \
+               ^ CAMELLIA_SP3033((il >> 8) & 0xff)                     \
+               ^ CAMELLIA_SP4404(il & 0xff);                           \
+       il ^= kl;                                                       \
+       ir ^= kr;                                                       \
+       ir ^= il;                                                       \
+       il = CAMELLIA_RR8(il);                                          \
+       il ^= ir;                                                       \
+       yl ^= ir;                                                       \
+       yr ^= il;                                                       \
+       } while(0)
+#endif
+
+static const uint32_t camellia_sp1110[256] =
+       {
+       0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+       0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+       0xe4e4e400,0x85858500,0x57575700,0x35353500,
+       0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+       0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+       0x45454500,0x19191900,0xa5a5a500,0x21212100,
+       0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+       0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+       0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+       0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+       0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+       0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+       0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+       0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+       0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+       0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+       0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+       0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+       0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+       0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+       0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+       0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+       0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+       0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+       0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+       0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+       0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+       0x53535300,0x18181800,0xf2f2f200,0x22222200,
+       0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+       0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+       0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+       0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+       0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+       0xa1a1a100,0x89898900,0x62626200,0x97979700,
+       0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+       0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+       0x10101000,0xc4c4c400,0x00000000,0x48484800,
+       0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+       0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+       0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+       0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+       0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+       0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+       0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+       0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+       0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+       0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+       0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+       0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+       0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+       0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+       0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+       0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+       0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+       0xd4d4d400,0x25252500,0xababab00,0x42424200,
+       0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+       0x72727200,0x07070700,0xb9b9b900,0x55555500,
+       0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+       0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+       0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+       0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+       0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+       0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+       0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+       };
+
+static const uint32_t camellia_sp0222[256] =
+       {
+       0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+       0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+       0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+       0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+       0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+       0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+       0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+       0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+       0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+       0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+       0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+       0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+       0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+       0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+       0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+       0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+       0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+       0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+       0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+       0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+       0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+       0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+       0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+       0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+       0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+       0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+       0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+       0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+       0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+       0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+       0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+       0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+       0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+       0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+       0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+       0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+       0x00202020,0x00898989,0x00000000,0x00909090,
+       0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+       0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+       0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+       0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+       0x009b9b9b,0x00949494,0x00212121,0x00666666,
+       0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+       0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+       0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+       0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+       0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+       0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+       0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+       0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+       0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+       0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+       0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+       0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+       0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+       0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+       0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+       0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+       0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+       0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+       0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+       0x00777777,0x00939393,0x00868686,0x00838383,
+       0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+       0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+       };
+
+static const uint32_t camellia_sp3033[256] =
+       {
+       0x38003838,0x41004141,0x16001616,0x76007676,
+       0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+       0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+       0x75007575,0x06000606,0x57005757,0xa000a0a0,
+       0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+       0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+       0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+       0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+       0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+       0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+       0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+       0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+       0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+       0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+       0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+       0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+       0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+       0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+       0x3a003a3a,0x09000909,0x95009595,0x10001010,
+       0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+       0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+       0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+       0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+       0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+       0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+       0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+       0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+       0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+       0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+       0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+       0x12001212,0x04000404,0x74007474,0x54005454,
+       0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+       0x55005555,0x68006868,0x50005050,0xbe00bebe,
+       0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+       0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+       0x70007070,0xff00ffff,0x32003232,0x69006969,
+       0x08000808,0x62006262,0x00000000,0x24002424,
+       0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+       0x45004545,0x81008181,0x73007373,0x6d006d6d,
+       0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+       0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+       0xe600e6e6,0x25002525,0x48004848,0x99009999,
+       0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+       0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+       0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+       0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+       0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+       0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+       0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+       0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+       0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+       0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+       0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+       0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+       0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+       0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+       0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+       0x7c007c7c,0x77007777,0x56005656,0x05000505,
+       0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+       0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+       0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+       0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+       0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+       0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+       };
+
+static const uint32_t camellia_sp4404[256] =
+       {
+       0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+       0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+       0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+       0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+       0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+       0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+       0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+       0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+       0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+       0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+       0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+       0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+       0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+       0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+       0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+       0x24240024,0xe8e800e8,0x60600060,0x69690069,
+       0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+       0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+       0x10100010,0x00000000,0xa3a300a3,0x75750075,
+       0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+       0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+       0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+       0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+       0x81810081,0x6f6f006f,0x13130013,0x63630063,
+       0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+       0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+       0x78780078,0x06060006,0xe7e700e7,0x71710071,
+       0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+       0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+       0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+       0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+       0x15150015,0xadad00ad,0x77770077,0x80800080,
+       0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+       0x85850085,0x35350035,0x0c0c000c,0x41410041,
+       0xefef00ef,0x93930093,0x19190019,0x21210021,
+       0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+       0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+       0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+       0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+       0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+       0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+       0x12120012,0x20200020,0xb1b100b1,0x99990099,
+       0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+       0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+       0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+       0x0f0f000f,0x16160016,0x18180018,0x22220022,
+       0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+       0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+       0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+       0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+       0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+       0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+       0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+       0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+       0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+       0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+       0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+       0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+       0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+       0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+       0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+       0x49490049,0x68680068,0x38380038,0xa4a400a4,
+       0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+       0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+       };
+
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const unsigned char *key, uint32_t *subkey)
+       {
+       uint32_t kll, klr, krl, krr;
+       uint32_t il, ir, t0, t1, w0, w1;
+       uint32_t kw4l, kw4r, dw, tl, tr;
+       uint32_t subL[26];
+       uint32_t subR[26];
+
+       /**
+        *  k == kll || klr || krl || krr (|| is concatination)
+        */
+       kll = GETU32(key     );
+       klr = GETU32(key +  4);
+       krl = GETU32(key +  8);
+       krr = GETU32(key + 12);
+       /**
+        * generate KL dependent subkeys
+        */
+       /* kw1 */
+       subl(0) = kll; subr(0) = klr;
+       /* kw2 */
+       subl(1) = krl; subr(1) = krr;
+       /* rotation left shift 15bit */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* k3 */
+       subl(4) = kll; subr(4) = klr;
+       /* k4 */
+       subl(5) = krl; subr(5) = krr;
+       /* rotation left shift 15+30bit */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+       /* k7 */
+       subl(10) = kll; subr(10) = klr;
+       /* k8 */
+       subl(11) = krl; subr(11) = krr;
+       /* rotation left shift 15+30+15bit */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* k10 */
+       subl(13) = krl; subr(13) = krr;
+       /* rotation left shift 15+30+15+17 bit */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+       /* kl3 */
+       subl(16) = kll; subr(16) = klr;
+       /* kl4 */
+       subl(17) = krl; subr(17) = krr;
+       /* rotation left shift 15+30+15+17+17 bit */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+       /* k13 */
+       subl(18) = kll; subr(18) = klr;
+       /* k14 */
+       subl(19) = krl; subr(19) = krr;
+       /* rotation left shift 15+30+15+17+17+17 bit */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+       /* k17 */
+       subl(22) = kll; subr(22) = klr;
+       /* k18 */
+       subl(23) = krl; subr(23) = krr;
+
+       /* generate KA */
+       kll = subl(0); klr = subr(0);
+       krl = subl(1); krr = subr(1);
+       CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+               w0, w1, il, ir, t0, t1);
+       krl ^= w0; krr ^= w1;
+       CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+               kll, klr, il, ir, t0, t1);
+       /* current status == (kll, klr, w0, w1) */
+       CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+               krl, krr, il, ir, t0, t1);
+       krl ^= w0; krr ^= w1;
+       CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+               w0, w1, il, ir, t0, t1);
+       kll ^= w0; klr ^= w1;
+
+       /* generate KA dependent subkeys */
+       /* k1, k2 */
+       subl(2) = kll; subr(2) = klr;
+       subl(3) = krl; subr(3) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* k5,k6 */
+       subl(6) = kll; subr(6) = klr;
+       subl(7) = krl; subr(7) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* kl1, kl2 */
+       subl(8) = kll; subr(8) = klr;
+       subl(9) = krl; subr(9) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* k9 */
+       subl(12) = kll; subr(12) = klr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* k11, k12 */
+       subl(14) = kll; subr(14) = klr;
+       subl(15) = krl; subr(15) = krr;
+       CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+       /* k15, k16 */
+       subl(20) = kll; subr(20) = klr;
+       subl(21) = krl; subr(21) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+       /* kw3, kw4 */
+       subl(24) = kll; subr(24) = klr;
+       subl(25) = krl; subr(25) = krr;
+
+
+       /* absorb kw2 to other subkeys */
+/* round 2 */
+       subl(3) ^= subl(1); subr(3) ^= subr(1);
+/* round 4 */
+       subl(5) ^= subl(1); subr(5) ^= subr(1);
+/* round 6 */
+       subl(7) ^= subl(1); subr(7) ^= subr(1);
+       subl(1) ^= subr(1) & ~subr(9);
+       dw = subl(1) & subl(9),
+               subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
+/* round 8 */
+       subl(11) ^= subl(1); subr(11) ^= subr(1);
+/* round 10 */
+       subl(13) ^= subl(1); subr(13) ^= subr(1);
+/* round 12 */
+       subl(15) ^= subl(1); subr(15) ^= subr(1);
+       subl(1) ^= subr(1) & ~subr(17);
+       dw = subl(1) & subl(17),
+               subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
+/* round 14 */
+       subl(19) ^= subl(1); subr(19) ^= subr(1);
+/* round 16 */
+       subl(21) ^= subl(1); subr(21) ^= subr(1);
+/* round 18 */
+       subl(23) ^= subl(1); subr(23) ^= subr(1);
+/* kw3 */
+       subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+       /* absorb kw4 to other subkeys */
+       kw4l = subl(25); kw4r = subr(25);
+/* round 17 */
+       subl(22) ^= kw4l; subr(22) ^= kw4r;
+/* round 15 */
+       subl(20) ^= kw4l; subr(20) ^= kw4r;
+/* round 13 */
+       subl(18) ^= kw4l; subr(18) ^= kw4r;
+       kw4l ^= kw4r & ~subr(16);
+       dw = kw4l & subl(16),
+               kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
+/* round 11 */
+       subl(14) ^= kw4l; subr(14) ^= kw4r;
+/* round 9 */
+       subl(12) ^= kw4l; subr(12) ^= kw4r;
+/* round 7 */
+       subl(10) ^= kw4l; subr(10) ^= kw4r;
+       kw4l ^= kw4r & ~subr(8);
+       dw = kw4l & subl(8),
+               kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
+/* round 5 */
+       subl(6) ^= kw4l; subr(6) ^= kw4r;
+/* round 3 */
+       subl(4) ^= kw4l; subr(4) ^= kw4r;
+/* round 1 */
+       subl(2) ^= kw4l; subr(2) ^= kw4r;
+/* kw1 */
+       subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+
+       /* key XOR is end of F-function */
+       CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
+       CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+       CamelliaSubkeyL(2) = subl(3);       /* round 1 */
+       CamelliaSubkeyR(2) = subr(3);
+       CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
+       CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+       CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
+       CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+       CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
+       CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+       CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
+       CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+       tl = subl(10) ^ (subr(10) & ~subr(8));
+       dw = tl & subl(8),  /* FL(kl1) */
+               tr = subr(10) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
+       CamelliaSubkeyR(7) = subr(6) ^ tr;
+       CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */
+       CamelliaSubkeyR(8) = subr(8);
+       CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */
+       CamelliaSubkeyR(9) = subr(9);
+       tl = subl(7) ^ (subr(7) & ~subr(9));
+       dw = tl & subl(9),  /* FLinv(kl2) */
+               tr = subr(7) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
+       CamelliaSubkeyR(10) = tr ^ subr(11);
+       CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
+       CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+       CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
+       CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+       CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
+       CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+       CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
+       CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+       tl = subl(18) ^ (subr(18) & ~subr(16));
+       dw = tl & subl(16), /* FL(kl3) */
+               tr = subr(18) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
+       CamelliaSubkeyR(15) = subr(14) ^ tr;
+       CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */
+       CamelliaSubkeyR(16) = subr(16);
+       CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */
+       CamelliaSubkeyR(17) = subr(17);
+       tl = subl(15) ^ (subr(15) & ~subr(17));
+       dw = tl & subl(17), /* FLinv(kl4) */
+               tr = subr(15) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
+       CamelliaSubkeyR(18) = tr ^ subr(19);
+       CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
+       CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+       CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
+       CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+       CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
+       CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+       CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
+       CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+       CamelliaSubkeyL(23) = subl(22);     /* round 18 */
+       CamelliaSubkeyR(23) = subr(22);
+       CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
+       CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+       /* apply the inverse of the last half of P-function */
+       dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
+               dw = CAMELLIA_RL8(dw);/* round 1 */
+       CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
+               CamelliaSubkeyL(2) = dw;
+       dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
+               dw = CAMELLIA_RL8(dw);/* round 2 */
+       CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
+               CamelliaSubkeyL(3) = dw;
+       dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
+               dw = CAMELLIA_RL8(dw);/* round 3 */
+       CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
+               CamelliaSubkeyL(4) = dw;
+       dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
+               dw = CAMELLIA_RL8(dw);/* round 4 */
+       CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
+               CamelliaSubkeyL(5) = dw;
+       dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
+               dw = CAMELLIA_RL8(dw);/* round 5 */
+       CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
+               CamelliaSubkeyL(6) = dw;
+       dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
+               dw = CAMELLIA_RL8(dw);/* round 6 */
+       CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
+               CamelliaSubkeyL(7) = dw;
+       dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
+               dw = CAMELLIA_RL8(dw);/* round 7 */
+       CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
+               CamelliaSubkeyL(10) = dw;
+       dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
+               dw = CAMELLIA_RL8(dw);/* round 8 */
+       CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
+               CamelliaSubkeyL(11) = dw;
+       dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
+               dw = CAMELLIA_RL8(dw);/* round 9 */
+       CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
+               CamelliaSubkeyL(12) = dw;
+       dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
+               dw = CAMELLIA_RL8(dw);/* round 10 */
+       CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
+               CamelliaSubkeyL(13) = dw;
+       dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
+               dw = CAMELLIA_RL8(dw);/* round 11 */
+       CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
+               CamelliaSubkeyL(14) = dw;
+       dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
+               dw = CAMELLIA_RL8(dw);/* round 12 */
+       CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
+               CamelliaSubkeyL(15) = dw;
+       dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
+               dw = CAMELLIA_RL8(dw);/* round 13 */
+       CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
+               CamelliaSubkeyL(18) = dw;
+       dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
+               dw = CAMELLIA_RL8(dw);/* round 14 */
+       CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
+               CamelliaSubkeyL(19) = dw;
+       dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
+               dw = CAMELLIA_RL8(dw);/* round 15 */
+       CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
+               CamelliaSubkeyL(20) = dw;
+       dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
+               dw = CAMELLIA_RL8(dw);/* round 16 */
+       CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
+               CamelliaSubkeyL(21) = dw;
+       dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
+               dw = CAMELLIA_RL8(dw);/* round 17 */
+       CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
+               CamelliaSubkeyL(22) = dw;
+       dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
+               dw = CAMELLIA_RL8(dw);/* round 18 */
+       CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
+               CamelliaSubkeyL(23) = dw;
+
+       return;
+       }
+
+void camellia_setup256(const unsigned char *key, uint32_t *subkey)
+       {
+       uint32_t kll,klr,krl,krr;           /* left half of key */
+       uint32_t krll,krlr,krrl,krrr;       /* right half of key */
+       uint32_t il, ir, t0, t1, w0, w1;    /* temporary variables */
+       uint32_t kw4l, kw4r, dw, tl, tr;
+       uint32_t subL[34];
+       uint32_t subR[34];
+
+       /**
+        *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+        *  (|| is concatination)
+        */
+
+       kll  = GETU32(key     );
+       klr  = GETU32(key +  4);
+       krl  = GETU32(key +  8);
+       krr  = GETU32(key + 12);
+       krll = GETU32(key + 16);
+       krlr = GETU32(key + 20);
+       krrl = GETU32(key + 24);
+       krrr = GETU32(key + 28);
+
+       /* generate KL dependent subkeys */
+       /* kw1 */
+       subl(0) = kll; subr(0) = klr;
+       /* kw2 */
+       subl(1) = krl; subr(1) = krr;
+       CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+       /* k9 */
+       subl(12) = kll; subr(12) = klr;
+       /* k10 */
+       subl(13) = krl; subr(13) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* kl3 */
+       subl(16) = kll; subr(16) = klr;
+       /* kl4 */
+       subl(17) = krl; subr(17) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+       /* k17 */
+       subl(22) = kll; subr(22) = klr;
+       /* k18 */
+       subl(23) = krl; subr(23) = krr;
+       CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+       /* k23 */
+       subl(30) = kll; subr(30) = klr;
+       /* k24 */
+       subl(31) = krl; subr(31) = krr;
+
+       /* generate KR dependent subkeys */
+       CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+       /* k3 */
+       subl(4) = krll; subr(4) = krlr;
+       /* k4 */
+       subl(5) = krrl; subr(5) = krrr;
+       CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+       /* kl1 */
+       subl(8) = krll; subr(8) = krlr;
+       /* kl2 */
+       subl(9) = krrl; subr(9) = krrr;
+       CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+       /* k13 */
+       subl(18) = krll; subr(18) = krlr;
+       /* k14 */
+       subl(19) = krrl; subr(19) = krrr;
+       CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+       /* k19 */
+       subl(26) = krll; subr(26) = krlr;
+       /* k20 */
+       subl(27) = krrl; subr(27) = krrr;
+       CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+       /* generate KA */
+       kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+       krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+       CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+               w0, w1, il, ir, t0, t1);
+       krl ^= w0; krr ^= w1;
+       CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+               kll, klr, il, ir, t0, t1);
+       kll ^= krll; klr ^= krlr;
+       CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+               krl, krr, il, ir, t0, t1);
+       krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+       CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+               w0, w1, il, ir, t0, t1);
+       kll ^= w0; klr ^= w1;
+
+       /* generate KB */
+       krll ^= kll; krlr ^= klr;
+       krrl ^= krl; krrr ^= krr;
+       CAMELLIA_F(krll, krlr,
+               CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+               w0, w1, il, ir, t0, t1);
+       krrl ^= w0; krrr ^= w1;
+       CAMELLIA_F(krrl, krrr,
+               CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+               w0, w1, il, ir, t0, t1);
+       krll ^= w0; krlr ^= w1;
+
+       /* generate KA dependent subkeys */
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+       /* k5 */
+       subl(6) = kll; subr(6) = klr;
+       /* k6 */
+       subl(7) = krl; subr(7) = krr;
+       CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+       /* k11 */
+       subl(14) = kll; subr(14) = klr;
+       /* k12 */
+       subl(15) = krl; subr(15) = krr;
+       /* rotation left shift 32bit */
+       /* kl5 */
+       subl(24) = klr; subr(24) = krl;
+       /* kl6 */
+       subl(25) = krr; subr(25) = kll;
+       /* rotation left shift 49 from k11,k12 -> k21,k22 */
+       CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+       /* k21 */
+       subl(28) = kll; subr(28) = klr;
+       /* k22 */
+       subl(29) = krl; subr(29) = krr;
+
+       /* generate KB dependent subkeys */
+       /* k1 */
+       subl(2) = krll; subr(2) = krlr;
+       /* k2 */
+       subl(3) = krrl; subr(3) = krrr;
+       CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+       /* k7 */
+       subl(10) = krll; subr(10) = krlr;
+       /* k8 */
+       subl(11) = krrl; subr(11) = krrr;
+       CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+       /* k15 */
+       subl(20) = krll; subr(20) = krlr;
+       /* k16 */
+       subl(21) = krrl; subr(21) = krrr;
+       CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+       /* kw3 */
+       subl(32) = krll; subr(32) = krlr;
+       /* kw4 */
+       subl(33) = krrl; subr(33) = krrr;
+
+       /* absorb kw2 to other subkeys */
+/* round 2 */
+       subl(3) ^= subl(1); subr(3) ^= subr(1);
+/* round 4 */
+       subl(5) ^= subl(1); subr(5) ^= subr(1);
+/* round 6 */
+       subl(7) ^= subl(1); subr(7) ^= subr(1);
+       subl(1) ^= subr(1) & ~subr(9);
+       dw = subl(1) & subl(9),
+               subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
+/* round 8 */
+       subl(11) ^= subl(1); subr(11) ^= subr(1);
+/* round 10 */
+       subl(13) ^= subl(1); subr(13) ^= subr(1);
+/* round 12 */
+       subl(15) ^= subl(1); subr(15) ^= subr(1);
+       subl(1) ^= subr(1) & ~subr(17);
+       dw = subl(1) & subl(17),
+               subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
+/* round 14 */
+       subl(19) ^= subl(1); subr(19) ^= subr(1);
+/* round 16 */
+       subl(21) ^= subl(1); subr(21) ^= subr(1);
+/* round 18 */
+       subl(23) ^= subl(1); subr(23) ^= subr(1);
+       subl(1) ^= subr(1) & ~subr(25);
+       dw = subl(1) & subl(25),
+               subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
+/* round 20 */
+       subl(27) ^= subl(1); subr(27) ^= subr(1);
+/* round 22 */
+       subl(29) ^= subl(1); subr(29) ^= subr(1);
+/* round 24 */
+       subl(31) ^= subl(1); subr(31) ^= subr(1);
+/* kw3 */
+       subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+
+       /* absorb kw4 to other subkeys */
+       kw4l = subl(33); kw4r = subr(33);
+/* round 23 */
+       subl(30) ^= kw4l; subr(30) ^= kw4r;
+/* round 21 */
+       subl(28) ^= kw4l; subr(28) ^= kw4r;
+/* round 19 */
+       subl(26) ^= kw4l; subr(26) ^= kw4r;
+       kw4l ^= kw4r & ~subr(24);
+       dw = kw4l & subl(24),
+               kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
+/* round 17 */
+       subl(22) ^= kw4l; subr(22) ^= kw4r;
+/* round 15 */
+       subl(20) ^= kw4l; subr(20) ^= kw4r;
+/* round 13 */
+       subl(18) ^= kw4l; subr(18) ^= kw4r;
+       kw4l ^= kw4r & ~subr(16);
+       dw = kw4l & subl(16),
+               kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
+/* round 11 */
+       subl(14) ^= kw4l; subr(14) ^= kw4r;
+/* round 9 */
+       subl(12) ^= kw4l; subr(12) ^= kw4r;
+/* round 7 */
+       subl(10) ^= kw4l; subr(10) ^= kw4r;
+       kw4l ^= kw4r & ~subr(8);
+       dw = kw4l & subl(8),
+               kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
+/* round 5 */
+       subl(6) ^= kw4l; subr(6) ^= kw4r;
+/* round 3 */
+       subl(4) ^= kw4l; subr(4) ^= kw4r;
+/* round 1 */
+       subl(2) ^= kw4l; subr(2) ^= kw4r;
+/* kw1 */
+       subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+       /* key XOR is end of F-function */
+       CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
+       CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+       CamelliaSubkeyL(2) = subl(3);       /* round 1 */
+       CamelliaSubkeyR(2) = subr(3);
+       CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
+       CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+       CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
+       CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+       CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
+       CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+       CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
+       CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+       tl = subl(10) ^ (subr(10) & ~subr(8));
+       dw = tl & subl(8),  /* FL(kl1) */
+               tr = subr(10) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
+       CamelliaSubkeyR(7) = subr(6) ^ tr;
+       CamelliaSubkeyL(8) = subl(8);       /* FL(kl1) */
+       CamelliaSubkeyR(8) = subr(8);
+       CamelliaSubkeyL(9) = subl(9);       /* FLinv(kl2) */
+       CamelliaSubkeyR(9) = subr(9);
+       tl = subl(7) ^ (subr(7) & ~subr(9));
+       dw = tl & subl(9),  /* FLinv(kl2) */
+               tr = subr(7) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
+       CamelliaSubkeyR(10) = tr ^ subr(11);
+       CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
+       CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+       CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
+       CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+       CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
+       CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+       CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
+       CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+       tl = subl(18) ^ (subr(18) & ~subr(16));
+       dw = tl & subl(16), /* FL(kl3) */
+               tr = subr(18) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
+       CamelliaSubkeyR(15) = subr(14) ^ tr;
+       CamelliaSubkeyL(16) = subl(16);     /* FL(kl3) */
+       CamelliaSubkeyR(16) = subr(16);
+       CamelliaSubkeyL(17) = subl(17);     /* FLinv(kl4) */
+       CamelliaSubkeyR(17) = subr(17);
+       tl = subl(15) ^ (subr(15) & ~subr(17));
+       dw = tl & subl(17), /* FLinv(kl4) */
+               tr = subr(15) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
+       CamelliaSubkeyR(18) = tr ^ subr(19);
+       CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
+       CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+       CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
+       CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+       CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
+       CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+       CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
+       CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+       tl = subl(26) ^ (subr(26)
+               & ~subr(24));
+       dw = tl & subl(24), /* FL(kl5) */
+               tr = subr(26) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
+       CamelliaSubkeyR(23) = subr(22) ^ tr;
+       CamelliaSubkeyL(24) = subl(24);     /* FL(kl5) */
+       CamelliaSubkeyR(24) = subr(24);
+       CamelliaSubkeyL(25) = subl(25);     /* FLinv(kl6) */
+       CamelliaSubkeyR(25) = subr(25);
+       tl = subl(23) ^ (subr(23) &
+               ~subr(25));
+       dw = tl & subl(25), /* FLinv(kl6) */
+               tr = subr(23) ^ CAMELLIA_RL1(dw);
+       CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
+       CamelliaSubkeyR(26) = tr ^ subr(27);
+       CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
+       CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+       CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
+       CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+       CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
+       CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+       CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
+       CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+       CamelliaSubkeyL(31) = subl(30);     /* round 24 */
+       CamelliaSubkeyR(31) = subr(30);
+       CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
+       CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+       /* apply the inverse of the last half of P-function */
+       dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
+               dw = CAMELLIA_RL8(dw);/* round 1 */
+       CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
+               CamelliaSubkeyL(2) = dw;
+       dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
+               dw = CAMELLIA_RL8(dw);/* round 2 */
+       CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
+               CamelliaSubkeyL(3) = dw;
+       dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
+               dw = CAMELLIA_RL8(dw);/* round 3 */
+       CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
+               CamelliaSubkeyL(4) = dw;
+       dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
+               dw = CAMELLIA_RL8(dw);/* round 4 */
+       CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
+               CamelliaSubkeyL(5) = dw;
+       dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
+               dw = CAMELLIA_RL8(dw);/* round 5 */
+       CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
+               CamelliaSubkeyL(6) = dw;
+       dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
+               dw = CAMELLIA_RL8(dw);/* round 6 */
+       CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
+               CamelliaSubkeyL(7) = dw;
+       dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
+               dw = CAMELLIA_RL8(dw);/* round 7 */
+       CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
+               CamelliaSubkeyL(10) = dw;
+       dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
+               dw = CAMELLIA_RL8(dw);/* round 8 */
+       CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
+               CamelliaSubkeyL(11) = dw;
+       dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
+               dw = CAMELLIA_RL8(dw);/* round 9 */
+       CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
+               CamelliaSubkeyL(12) = dw;
+       dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
+               dw = CAMELLIA_RL8(dw);/* round 10 */
+       CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
+               CamelliaSubkeyL(13) = dw;
+       dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
+               dw = CAMELLIA_RL8(dw);/* round 11 */
+       CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
+               CamelliaSubkeyL(14) = dw;
+       dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
+               dw = CAMELLIA_RL8(dw);/* round 12 */
+       CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
+               CamelliaSubkeyL(15) = dw;
+       dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
+               dw = CAMELLIA_RL8(dw);/* round 13 */
+       CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
+               CamelliaSubkeyL(18) = dw;
+       dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
+               dw = CAMELLIA_RL8(dw);/* round 14 */
+       CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
+               CamelliaSubkeyL(19) = dw;
+       dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
+               dw = CAMELLIA_RL8(dw);/* round 15 */
+       CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
+               CamelliaSubkeyL(20) = dw;
+       dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
+               dw = CAMELLIA_RL8(dw);/* round 16 */
+       CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
+               CamelliaSubkeyL(21) = dw;
+       dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
+               dw = CAMELLIA_RL8(dw);/* round 17 */
+       CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
+               CamelliaSubkeyL(22) = dw;
+       dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
+               dw = CAMELLIA_RL8(dw);/* round 18 */
+       CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
+               CamelliaSubkeyL(23) = dw;
+       dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
+               dw = CAMELLIA_RL8(dw);/* round 19 */
+       CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
+               CamelliaSubkeyL(26) = dw;
+       dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
+               dw = CAMELLIA_RL8(dw);/* round 20 */
+       CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
+               CamelliaSubkeyL(27) = dw;
+       dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
+               dw = CAMELLIA_RL8(dw);/* round 21 */
+       CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
+               CamelliaSubkeyL(28) = dw;
+       dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
+               dw = CAMELLIA_RL8(dw);/* round 22 */
+       CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
+               CamelliaSubkeyL(29) = dw;
+       dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
+               dw = CAMELLIA_RL8(dw);/* round 23 */
+       CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
+               CamelliaSubkeyL(30) = dw;
+       dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
+               dw = CAMELLIA_RL8(dw);/* round 24 */
+       CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
+               CamelliaSubkeyL(31) = dw;
+
+    
+       return;
+       }
+
+void camellia_setup192(const unsigned char *key, uint32_t *subkey)
+       {
+       unsigned char kk[32];
+       uint32_t krll, krlr, krrl,krrr;
+
+       memcpy(kk, key, 24);
+       memcpy((unsigned char *)&krll, key+16,4);
+       memcpy((unsigned char *)&krlr, key+20,4);
+       krrl = ~krll;
+       krrr = ~krlr;
+       memcpy(kk+24, (unsigned char *)&krrl, 4);
+       memcpy(kk+28, (unsigned char *)&krrr, 4);
+       camellia_setup256(kk, subkey);
+       return;
+       }
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ */
+void camellia_encrypt128(const uint32_t *subkey, uint32_t *io)
+       {
+       uint32_t il, ir, t0, t1;
+
+       SWAP4WORD(io);
+       /* pre whitening but absorb kw2*/
+       io[0] ^= CamelliaSubkeyL(0);
+       io[1] ^= CamelliaSubkeyR(0);
+       /* main iteration */
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+               CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+               CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+               io[0],io[1],il,ir,t0,t1);
+
+       /* post whitening but kw4 */
+       io[2] ^= CamelliaSubkeyL(24);
+       io[3] ^= CamelliaSubkeyR(24);
+
+       t0 = io[0];
+       t1 = io[1];
+       io[0] = io[2];
+       io[1] = io[3];
+       io[2] = t0;
+       io[3] = t1;
+       SWAP4WORD(io);
+       
+       return;
+       }
+
+void camellia_decrypt128(const uint32_t *subkey, uint32_t *io)
+       {
+       uint32_t il,ir,t0,t1;               /* temporary valiables */
+    
+       SWAP4WORD(io);
+
+       /* pre whitening but absorb kw2*/
+       io[0] ^= CamelliaSubkeyL(24);
+       io[1] ^= CamelliaSubkeyR(24);
+
+       /* main iteration */
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+               CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+               CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+               io[0],io[1],il,ir,t0,t1);
+
+       /* post whitening but kw4 */
+       io[2] ^= CamelliaSubkeyL(0);
+       io[3] ^= CamelliaSubkeyR(0);
+
+       t0 = io[0];
+       t1 = io[1];
+       io[0] = io[2];
+       io[1] = io[3];
+       io[2] = t0;
+       io[3] = t1;
+       SWAP4WORD(io);
+
+       return;
+       }
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void camellia_encrypt256(const uint32_t *subkey, uint32_t *io)
+       {
+       uint32_t il,ir,t0,t1;           /* temporary valiables */
+
+       SWAP4WORD(io);
+
+       /* pre whitening but absorb kw2*/
+       io[0] ^= CamelliaSubkeyL(0);
+       io[1] ^= CamelliaSubkeyR(0);
+
+       /* main iteration */
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+               CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+               CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+               CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+               io[0],io[1],il,ir,t0,t1);
+
+       /* post whitening but kw4 */
+       io[2] ^= CamelliaSubkeyL(32);
+       io[3] ^= CamelliaSubkeyR(32);
+
+       t0 = io[0];
+       t1 = io[1];
+       io[0] = io[2];
+       io[1] = io[3];
+       io[2] = t0;
+       io[3] = t1;
+       SWAP4WORD(io);
+
+       return;
+       }
+
+void camellia_decrypt256(const uint32_t *subkey, uint32_t *io)
+       {
+       uint32_t il,ir,t0,t1;           /* temporary valiables */
+
+       SWAP4WORD(io);
+       /* pre whitening but absorb kw2*/
+       io[0] ^= CamelliaSubkeyL(32);
+       io[1] ^= CamelliaSubkeyR(32);
+       
+       /* main iteration */
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+               CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+               CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+               io[0],io[1],il,ir,t0,t1);
+
+       CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+               CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+               CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+               t0,t1,il,ir);
+
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+               io[0],io[1],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[0],io[1],
+               CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+               io[2],io[3],il,ir,t0,t1);
+       CAMELLIA_ROUNDSM(io[2],io[3],
+               CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+               io[0],io[1],il,ir,t0,t1);
+
+       /* post whitening but kw4 */
+       io[2] ^= CamelliaSubkeyL(0);
+       io[3] ^= CamelliaSubkeyR(0);
+
+       t0 = io[0];
+       t1 = io[1];
+       io[0] = io[2];
+       io[1] = io[3];
+       io[2] = t0;
+       io[3] = t1;
+       SWAP4WORD(io);
+
+       return;
+       }
+
similarity index 57%
copy from crypto/openssl-0.9/crypto/aes/aes.h
copy to crypto/openssl-0.9/crypto/camellia/camellia.h
index 9ffcc9f..3c8a359 100644 (file)
@@ -1,6 +1,6 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  *
  */
 
-#ifndef HEADER_AES_H
-#define HEADER_AES_H
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
 
 #include <openssl/opensslconf.h>
 
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
+#ifdef OPENSSL_NO_CAMELLIA
+#error CAMELLIA is disabled.
 #endif
 
-#define AES_ENCRYPT    1
-#define AES_DECRYPT    0
+#define CAMELLIA_ENCRYPT       1
+#define CAMELLIA_DECRYPT       0
 
 /* Because array size can't be a const in C, the following two are macros.
    Both sizes are in bytes. */
-#define AES_MAXNR 14
-#define AES_BLOCK_SIZE 16
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 /* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-#ifdef AES_LONG
-    unsigned long rd_key[4 *(AES_MAXNR + 1)];
-#else
-    unsigned int rd_key[4 *(AES_MAXNR + 1)];
-#endif
-    int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-       AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-       AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
-       const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
-       const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-       const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-       const unsigned long length, const AES_KEY *key,
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+ /* to match with WORD */
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+struct camellia_key_st 
+       {
+       KEY_TABLE_TYPE rd_key;
+       int bitLength;
+       void (*enc)(const unsigned int *subkey, unsigned int *io);
+       void (*dec)(const unsigned int *subkey, unsigned int *io);
+       };
+
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+       CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+       const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+       const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+       const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
        unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-       const unsigned long length, const AES_KEY *key,
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-       const unsigned long length, const AES_KEY *key,
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-       const unsigned long length, const AES_KEY *key,
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-                           const int nbits,const AES_KEY *key,
-                           unsigned char *ivec,const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-       const unsigned long length, const AES_KEY *key,
+void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+       const int nbits,const CAMELLIA_KEY *key,
+       unsigned char *ivec,const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
        unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-       const unsigned long length, const AES_KEY *key,
-       unsigned char ivec[AES_BLOCK_SIZE],
-       unsigned char ecount_buf[AES_BLOCK_SIZE],
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
+       unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+       unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
        unsigned int *num);
 
-
 #ifdef  __cplusplus
 }
 #endif
 
-#endif /* !HEADER_AES_H */
+#endif /* !HEADER_Camellia_H */
+
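Review bot: The closing guard comment `#endif /* !HEADER_Camellia_H */` on the last line does not match the macro the file actually defines, `HEADER_CAMELLIA_H`; make it `#endif /* !HEADER_CAMELLIA_H */`. The retained comment "Because array size can't be a const in C, the following two are macros. Both sizes are in bytes." now introduces nothing, because the two AES defines beneath it were removed and CAMELLIA_BLOCK_SIZE / CAMELLIA_TABLE_BYTE_LEN are defined further down, after the `extern "C"` opener; move the comment next to those defines and drop "Both sizes are in bytes", since CAMELLIA_TABLE_WORD_LEN is a word count. `KEY_TABLE_TYPE` is an unprefixed typedef exported from a public header and can collide with application identifiers; a `CAMELLIA_`-prefixed name would match the rest of the file. Note also that `camellia_key_st` keeps the `enc`/`dec` code pointers inside caller-owned key memory, so any corruption of a key object turns into an indirect-call target; if that matters for this port, selecting the 128- or 256-bit routine from `bitLength` inside Camellia_encrypt/Camellia_decrypt keeps function pointers out of the key struct.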
diff --git a/crypto/openssl-0.9/crypto/camellia/cmll_cbc.c b/crypto/openssl-0.9/crypto/camellia/cmll_cbc.c
new file mode 100644 (file)
index 0000000..24080e1
--- /dev/null
@@ -0,0 +1,234 @@
+/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                    const unsigned long length, const CAMELLIA_KEY *key,
+                    unsigned char *ivec, const int enc) {
+
+       unsigned long n;
+       unsigned long len = length;
+       unsigned char tmp[CAMELLIA_BLOCK_SIZE];
+       const unsigned char *iv = ivec;
+       uint32_t t32[UNITSIZE];
+
+
+       assert(in && out && key && ivec);
+       assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
+
+       if(((size_t)in) % ALIGN == 0
+               && ((size_t)out) % ALIGN == 0
+               && ((size_t)ivec) % ALIGN == 0)
+               {
+               if (CAMELLIA_ENCRYPT == enc)
+                       {
+                       while (len >= CAMELLIA_BLOCK_SIZE)
+                               {
+                               XOR4WORD2((uint32_t *)out,
+                                       (uint32_t *)in, (uint32_t *)iv);
+                               key->enc(key->rd_key, (uint32_t *)out);
+                               iv = out;
+                               len -= CAMELLIA_BLOCK_SIZE;
+                               in += CAMELLIA_BLOCK_SIZE;
+                               out += CAMELLIA_BLOCK_SIZE;
+                               }
+                       if (len)
+                               {
+                               for(n=0; n < len; ++n)
+                                       out[n] = in[n] ^ iv[n];
+                               for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] = iv[n];
+                               key->enc(key->rd_key, (uint32_t *)out);
+                               iv = out;
+                               }
+                       memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+                       }
+               else if (in != out)
+                       {
+                       while (len >= CAMELLIA_BLOCK_SIZE)
+                               {
+                               memcpy(out,in,CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key,(uint32_t *)out);
+                               XOR4WORD((uint32_t *)out, (uint32_t *)iv);
+                               iv = in;
+                               len -= CAMELLIA_BLOCK_SIZE;
+                               in  += CAMELLIA_BLOCK_SIZE;
+                               out += CAMELLIA_BLOCK_SIZE;
+                               }
+                       if (len)
+                               {
+                               memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key, (uint32_t *)tmp);
+                               for(n=0; n < len; ++n)
+                                       out[n] = tmp[n] ^ iv[n];
+                               iv = in;
+                               }
+                       memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+                       }
+               else /* in == out */
+                       {
+                       while (len >= CAMELLIA_BLOCK_SIZE)
+                               {
+                               memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key, (uint32_t *)out);
+                               XOR4WORD((uint32_t *)out, (uint32_t *)ivec);
+                               memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+                               len -= CAMELLIA_BLOCK_SIZE;
+                               in += CAMELLIA_BLOCK_SIZE;
+                               out += CAMELLIA_BLOCK_SIZE;
+                               }
+                       if (len)
+                               {
+                               memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key,(uint32_t *)out);
+                               for(n=0; n < len; ++n)
+                                       out[n] ^= ivec[n];
+                               for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] = tmp[n];
+                               memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+                               }
+                       }
+               }
+       else /* no aligned */
+               {
+               if (CAMELLIA_ENCRYPT == enc)
+                       {
+                       while (len >= CAMELLIA_BLOCK_SIZE)
+                               {
+                               for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] = in[n] ^ iv[n];
+                               memcpy(t32, out, CAMELLIA_BLOCK_SIZE);
+                               key->enc(key->rd_key, t32);
+                               memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+                               iv = out;
+                               len -= CAMELLIA_BLOCK_SIZE;
+                               in += CAMELLIA_BLOCK_SIZE;
+                               out += CAMELLIA_BLOCK_SIZE;
+                               }
+                       if (len)
+                               {
+                               for(n=0; n < len; ++n)
+                                       out[n] = in[n] ^ iv[n];
+                               for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] = iv[n];
+                               key->enc(key->rd_key, (uint32_t *)out);
+                               iv = out;
+                               }
+                       memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+                       }
+               else if (in != out)
+                       {
+                       while (len >= CAMELLIA_BLOCK_SIZE)
+                               {
+                               memcpy(t32,in,CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key,t32);
+                               memcpy(out,t32,CAMELLIA_BLOCK_SIZE);
+                               for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] ^= iv[n];
+                               iv = in;
+                               len -= CAMELLIA_BLOCK_SIZE;
+                               in  += CAMELLIA_BLOCK_SIZE;
+                               out += CAMELLIA_BLOCK_SIZE;
+                               }
+                       if (len)
+                               {
+                               memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+                               memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key, t32);
+                               memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+                               for(n=0; n < len; ++n)
+                                       out[n] = tmp[n] ^ iv[n];
+                               iv = in;
+                               }
+                       memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+                       }
+               else
+                       {
+                       while (len >= CAMELLIA_BLOCK_SIZE)
+                               {
+                               memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+                               memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key, t32);
+                               memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+                               for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] ^= ivec[n];
+                               memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+                               len -= CAMELLIA_BLOCK_SIZE;
+                               in += CAMELLIA_BLOCK_SIZE;
+                               out += CAMELLIA_BLOCK_SIZE;
+                               }
+                       if (len)
+                               {
+                               memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+                               memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+                               key->dec(key->rd_key,t32);
+                               memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+                               for(n=0; n < len; ++n)
+                                       out[n] ^= ivec[n];
+                               for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+                                       out[n] = tmp[n];
+                               memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+                               }
+                       }
+               }
+}
+
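Review bot: In the `else /* no aligned */` encrypt branch, the partial-block tail calls `key->enc(key->rd_key, (uint32_t *)out)` directly on `out`, even though this branch is taken precisely because `in`/`out`/`ivec` failed the `ALIGN` test; the full-block loop just above bounces through `t32` with memcpy for that reason, and the tail should do the same: `memcpy(t32, out, CAMELLIA_BLOCK_SIZE); key->enc(key->rd_key, t32); memcpy(out, t32, CAMELLIA_BLOCK_SIZE);`. As written it is a misaligned 32-bit access (undefined behaviour, a bus error on strict-alignment targets) whenever `length` is not a multiple of 16. Separately, both encrypt tails and the in==out decrypt tails write a full CAMELLIA_BLOCK_SIZE bytes to `out` when fewer than 16 bytes remain, so the function's contract should state that `out` must have room for `length` rounded up to a whole block; a caller that sizes `out` to exactly `length` gets up to 15 bytes written past its buffer. The `assert` calls on `in`/`out`/`key`/`ivec` and `enc` do not enforce any of this in normal builds, since the top of the file forces NDEBUG unless CAMELLIA_DEBUG is defined.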
similarity index 63%
copy from crypto/openssl-0.9/LICENSE
copy to crypto/openssl-0.9/crypto/camellia/cmll_cfb.c
index e6afecc..af0f9f4 100644 (file)
@@ -1,18 +1,6 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
+/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
-
- Original SSLeay License
- -----------------------
-
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * [including the GNU Public Licence.]
  */
 
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include "e_os.h"
+
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
+       unsigned char *ivec, int *num, const int enc)
+       {
+
+       unsigned int n;
+       unsigned long l = length;
+       unsigned char c;
+
+       assert(in && out && key && ivec && num);
+
+       n = *num;
+
+       if (enc) 
+               {
+               while (l--) 
+                       {
+                       if (n == 0) 
+                               {
+                               Camellia_encrypt(ivec, ivec, key);
+                               }
+                       ivec[n] = *(out++) = *(in++) ^ ivec[n];
+                       n = (n+1) % CAMELLIA_BLOCK_SIZE;
+                       }
+               } 
+       else 
+               {
+               while (l--) 
+                       {
+                       if (n == 0) 
+                               {
+                               Camellia_encrypt(ivec, ivec, key);
+                               }
+                       c = *(in);
+                       *(out++) = *(in++) ^ ivec[n];
+                       ivec[n] = c;
+                       n = (n+1) % CAMELLIA_BLOCK_SIZE;
+                       }
+               }
+
+       *num=n;
+       }
+
+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+       const int nbits,const CAMELLIA_KEY *key,
+       unsigned char *ivec,const int enc)
+       {
+       int n,rem,num;
+       unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];
+
+       if (nbits<=0 || nbits>128) return;
+
+       /* fill in the first half of the new IV with the current IV */
+       memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);
+       /* construct the new IV */
+       Camellia_encrypt(ivec,ivec,key);
+       num = (nbits+7)/8;
+       if (enc)        /* encrypt the input */
+               for(n=0 ; n < num ; ++n)
+                       out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
+       else            /* decrypt the input */
+               for(n=0 ; n < num ; ++n)
+                       out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
+       /* shift ovec left... */
+       rem = nbits%8;
+       num = nbits/8;
+       if(rem==0)
+               memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);
+       else
+               for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)
+                       ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+       /* it is not necessary to cleanse ovec, since the IV is not secret */
+       }
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
+       unsigned char *ivec, int *num, const int enc)
+       {
+       unsigned int n;
+       unsigned char c[1],d[1];
+
+       assert(in && out && key && ivec && num);
+       assert(*num == 0);
+
+       memset(out,0,(length+7)/8);
+       for(n=0 ; n < length ; ++n)
+               {
+               c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+               Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);
+               out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+               }
+       }
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
+       unsigned char *ivec, int *num, const int enc)
+       {
+       unsigned int n;
+
+       assert(in && out && key && ivec && num);
+       assert(*num == 0);
+
+       for(n=0 ; n < length ; ++n)
+               Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+       }
+
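Review bot: Camellia_cfb1_encrypt and Camellia_cfb8_encrypt count with `unsigned int n` against an `unsigned long length`; on LP64 targets `n` wraps to zero before it can reach a `length` above UINT_MAX, so the loop never terminates and keeps writing through `out`. Declare the counter as `unsigned long n;` in both, matching `l` in Camellia_cfb128_encrypt. The comment above Camellia_cfb1_encrypt should also say that `length` is a count of bits rather than bytes, since `memset(out,0,(length+7)/8)` and the per-bit loop assume that while the cfb8/cfb128 siblings take bytes. Camellia_cfb128_encrypt copies `*num` into `n` and indexes `ivec[n]` with it without checking the 0..15 range, and the `assert(*num == 0)` checks in the other two functions are compiled out because the file forces NDEBUG unless CAMELLIA_DEBUG is set, so none of the `num` preconditions hold at runtime; either document them on the prototypes or validate `*num` explicitly.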
@@ -1,6 +1,6 @@
-/* crypto/rsa/rsa_depr.c */
+/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
 
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the Camellia code
+ * is endian-neutral. */
+/* increment counter (128-bit int) by 1 */
+static void Camellia_ctr128_inc(unsigned char *counter) 
+       {
+       unsigned long c;
 
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
+       /* Grab bottom dword of counter and increment */
+       c = GETU32(counter + 12);
+       c++;    c &= 0xFFFFFFFF;
+       PUTU32(counter + 12, c);
 
-#ifdef OPENSSL_NO_DEPRECATED
+       /* if no overflow, we're done */
+       if (c)
+               return;
 
-static void *dummy=&dummy;
+       /* Grab 1st dword of counter and increment */
+       c = GETU32(counter +  8);
+       c++;    c &= 0xFFFFFFFF;
+       PUTU32(counter +  8, c);
 
-#else
+       /* if no overflow, we're done */
+       if (c)
+               return;
+
+       /* Grab 2nd dword of counter and increment */
+       c = GETU32(counter +  4);
+       c++;    c &= 0xFFFFFFFF;
+       PUTU32(counter +  4, c);
+
+       /* if no overflow, we're done */
+       if (c)
+               return;
+
+       /* Grab top dword of counter and increment */
+       c = GETU32(counter +  0);
+       c++;    c &= 0xFFFFFFFF;
+       PUTU32(counter +  0, c);
+       }
 
-RSA *RSA_generate_key(int bits, unsigned long e_value,
-            void (*callback)(int,int,void *), void *cb_arg)
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to Camellia_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
+       unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+       unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+       unsigned int *num) 
        {
-       BN_GENCB cb;
-       int i;
-       RSA *rsa = RSA_new();
-       BIGNUM *e = BN_new();
 
-       if(!rsa || !e) goto err;
+       unsigned int n;
+       unsigned long l=length;
+
+       assert(in && out && key && counter && num);
+       assert(*num < CAMELLIA_BLOCK_SIZE);
+
+       n = *num;
 
-       /* The problem is when building with 8, 16, or 32 BN_ULONG,
-        * unsigned long can be larger */
-       for (i=0; i<(int)sizeof(unsigned long)*8; i++)
+       while (l--) 
                {
-               if (e_value & (1UL<<i))
-                       BN_set_bit(e,i);
+               if (n == 0) 
+                       {
+                       Camellia_encrypt(ivec, ecount_buf, key);
+                       Camellia_ctr128_inc(ivec);
+                       }
+               *(out++) = *(in++) ^ ecount_buf[n];
+               n = (n+1) % CAMELLIA_BLOCK_SIZE;
                }
 
-       BN_GENCB_set_old(&cb, callback, cb_arg);
-
-       if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
-               BN_free(e);
-               return rsa;
-       }
-err:
-       if(e) BN_free(e);
-       if(rsa) RSA_free(rsa);
-       return 0;
+       *num=n;
        }
-#endif
+
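Review bot: The precondition check at the top of Camellia_ctr128_encrypt names a variable that does not exist: `assert(in && out && key && counter && num);` refers to `counter`, but the parameter is `ivec`. It goes unnoticed only because the NDEBUG block at the top of the file compiles the assert away unless CAMELLIA_DEBUG is defined; a CAMELLIA_DEBUG build would fail to compile. It should read `assert(in && out && key && ivec && ecount_buf && num);`. Separately, `num` is `unsigned int *` here while the CFB and OFB entry points in this commit take `int *num`; the three signatures are worth aligning in the public header.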
@@ -1,6 +1,6 @@
-/* crypto/rsa/rsa_depr.c */
+/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
 
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifdef OPENSSL_NO_DEPRECATED
-
-static void *dummy=&dummy;
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
 
-#else
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
 
-RSA *RSA_generate_key(int bits, unsigned long e_value,
-            void (*callback)(int,int,void *), void *cb_arg)
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+       const CAMELLIA_KEY *key, const int enc) 
        {
-       BN_GENCB cb;
-       int i;
-       RSA *rsa = RSA_new();
-       BIGNUM *e = BN_new();
 
-       if(!rsa || !e) goto err;
+       assert(in && out && key);
+       assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
 
-       /* The problem is when building with 8, 16, or 32 BN_ULONG,
-        * unsigned long can be larger */
-       for (i=0; i<(int)sizeof(unsigned long)*8; i++)
-               {
-               if (e_value & (1UL<<i))
-                       BN_set_bit(e,i);
-               }
-
-       BN_GENCB_set_old(&cb, callback, cb_arg);
-
-       if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
-               BN_free(e);
-               return rsa;
-       }
-err:
-       if(e) BN_free(e);
-       if(rsa) RSA_free(rsa);
-       return 0;
+       if (CAMELLIA_ENCRYPT == enc)
+               Camellia_encrypt(in, out, key);
+       else
+               Camellia_decrypt(in, out, key);
        }
-#endif
+
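Review bot: The `enc` validation in Camellia_ecb_encrypt is an assert that the NDEBUG block at the top of the file disables in every build without CAMELLIA_DEBUG, so in release builds any value other than CAMELLIA_ENCRYPT silently takes the decrypt path. Nothing in the hunk documents that contract; a comment above the function such as `/* enc must be CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT; any other value decrypts when assertions are disabled */` would make it explicit for callers.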
diff --git a/crypto/openssl-0.9/crypto/camellia/cmll_locl.h b/crypto/openssl-0.9/crypto/camellia/cmll_locl.h
new file mode 100644 (file)
index 0000000..8ea3639
--- /dev/null
@@ -0,0 +1,178 @@
+/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+#define HEADER_CAMELLIA_LOCL_H
+
+#include "openssl/e_os2.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER)
+typedef unsigned char uint8_t;
+typedef unsigned int uint32_t;
+typedef unsigned __int64 uint64_t;
+#else
+#include <inttypes.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ALIGN 4
+#define UNITSIZE 4
+
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
+# define GETU32(p) SWAP(*((uint32_t *)(p)))
+# define PUTU32(ct, st) { *((uint32_t *)(ct)) = SWAP((st)); }
+# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
+
+
+#else /* not windows */
+# define GETU32(pt) (((uint32_t)(pt)[0] << 24) \
+       ^ ((uint32_t)(pt)[1] << 16) \
+       ^ ((uint32_t)(pt)[2] <<  8) \
+       ^ ((uint32_t)(pt)[3]))
+
+# define PUTU32(ct, st) { (ct)[0] = (uint8_t)((st) >> 24); \
+       (ct)[1] = (uint8_t)((st) >> 16); \
+       (ct)[2] = (uint8_t)((st) >>  8); \
+       (ct)[3] = (uint8_t)(st); }
+
+#ifdef L_ENDIAN
+#if (defined (__GNUC__) && !defined(i386))
+#define CAMELLIA_SWAP4(x) \
+  do{\
+    asm("bswap %1" : "+r" (x));\
+  }while(0)
+#else /* not gcc */
+#define CAMELLIA_SWAP4(x) \
+   do{\
+     x = ((uint32_t)x << 16) + ((uint32_t)x >> 16);\
+     x = (((uint32_t)x & 0xff00ff) << 8) + (((uint32_t)x >> 8) & 0xff00ff);\
+   } while(0)
+#endif /* not gcc */
+#else /* big endian */
+#define CAMELLIA_SWAP4(x)
+#endif /* L_ENDIAN */
+#endif
+
+#define COPY4WORD(dst, src)     \
+            do                  \
+                    {           \
+                    (dst)[0]=(src)[0];         \
+                    (dst)[1]=(src)[1];         \
+                    (dst)[2]=(src)[2];         \
+                    (dst)[3]=(src)[3];         \
+                    }while(0)
+
+#define SWAP4WORD(word)                                \
+   do                                          \
+          {                                    \
+          CAMELLIA_SWAP4((word)[0]);                   \
+          CAMELLIA_SWAP4((word)[1]);                   \
+          CAMELLIA_SWAP4((word)[2]);                   \
+          CAMELLIA_SWAP4((word)[3]);                   \
+          }while(0)
+
+#define XOR4WORD(a, b)/* a = a ^ b */          \
+   do                                          \
+       {                                       \
+       (a)[0]^=(b)[0];                         \
+       (a)[1]^=(b)[1];                         \
+       (a)[2]^=(b)[2];                         \
+       (a)[3]^=(b)[3];                         \
+       }while(0)
+
+#define XOR4WORD2(a, b, c)/* a = b ^ c */      \
+   do                                          \
+       {                                       \
+       (a)[0]=(b)[0]^(c)[0];                   \
+       (a)[1]=(b)[1]^(c)[1];                           \
+       (a)[2]=(b)[2]^(c)[2];                           \
+       (a)[3]=(b)[3]^(c)[3];                           \
+       }while(0)
+
+
+void camellia_setup128(const unsigned char *key, uint32_t *subkey);
+void camellia_setup192(const unsigned char *key, uint32_t *subkey);
+void camellia_setup256(const unsigned char *key, uint32_t *subkey);
+
+void camellia_encrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_encrypt256(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt256(const uint32_t *subkey, uint32_t *io);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
+
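Review bot: The inline-asm form of CAMELLIA_SWAP4 is chosen by `#if (defined (__GNUC__) && !defined(i386))`, which excludes 32-bit x86 instead of selecting the x86 family, so on a little-endian non-x86 GCC target built with L_ENDIAN (ARM, MIPS, Alpha) `bswap` is not a valid instruction and the header would fail to assemble; `#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))` with the portable shift form as the fallback looks like the intent. The MSVC GETU32/PUTU32 definitions read and write an `unsigned char *` through `uint32_t *`, which is the type-punning the byte-wise definitions in the other branch avoid and which Camellia_ctr128_inc is exposed to when it calls GETU32 on the counter buffer. PUTU32 is also a bare braced block rather than `do { ... } while (0)`, so `if (c) PUTU32(p, v); else ...` will not compile. `ALIGN` and `UNITSIZE` are very generic names for an internal header to define unconditionally; a CAMELLIA_ prefix would avoid collisions with other headers.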
@@ -1,6 +1,6 @@
-/* crypto/rsa/rsa_depr.c */
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
 
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifdef OPENSSL_NO_DEPRECATED
-
-static void *dummy=&dummy;
-
-#else
+const char *CAMELLIA_version="CAMELLIA" OPENSSL_VERSION_PTEXT;
 
-RSA *RSA_generate_key(int bits, unsigned long e_value,
-            void (*callback)(int,int,void *), void *cb_arg)
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+       CAMELLIA_KEY *key)
        {
-       BN_GENCB cb;
-       int i;
-       RSA *rsa = RSA_new();
-       BIGNUM *e = BN_new();
-
-       if(!rsa || !e) goto err;
-
-       /* The problem is when building with 8, 16, or 32 BN_ULONG,
-        * unsigned long can be larger */
-       for (i=0; i<(int)sizeof(unsigned long)*8; i++)
+       if (!userKey || !key)
+               {
+               return -1;
+               }
+       
+       switch(bits)
                {
-               if (e_value & (1UL<<i))
-                       BN_set_bit(e,i);
+       case 128:
+               camellia_setup128(userKey, (unsigned int *)key->rd_key);
+               key->enc = camellia_encrypt128;
+               key->dec = camellia_decrypt128;
+               break;
+       case 192:
+               camellia_setup192(userKey, (unsigned int *)key->rd_key);
+               key->enc = camellia_encrypt256;
+               key->dec = camellia_decrypt256;
+               break;
+       case 256:
+               camellia_setup256(userKey, (unsigned int *)key->rd_key);
+               key->enc = camellia_encrypt256;
+               key->dec = camellia_decrypt256;
+               break;
+       default:
+               return -2;
                }
+       
+       key->bitLength = bits;
+       return 0;
+       }
 
-       BN_GENCB_set_old(&cb, callback, cb_arg);
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+       const CAMELLIA_KEY *key)
+       {
+       uint32_t tmp[UNITSIZE];
 
-       if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
-               BN_free(e);
-               return rsa;
+       memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+       key->enc(key->rd_key, tmp);
+       memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
        }
-err:
-       if(e) BN_free(e);
-       if(rsa) RSA_free(rsa);
-       return 0;
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+       const CAMELLIA_KEY *key)
+       {
+       uint32_t tmp[UNITSIZE];
+
+       memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+       key->dec(key->rd_key, tmp);
+       memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
        }
-#endif
+
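Review bot: Camellia_set_key's return codes (0 on success, -1 for a NULL argument, -2 for an unsupported key length) are not documented anywhere in the hunk, so a comment above the function is warranted, e.g. `/* Returns 0 on success, -1 if userKey or key is NULL, -2 if bits is not 128, 192 or 256. */`. The `(unsigned int *)key->rd_key` casts at the three camellia_setupNNN calls assume `unsigned int` and `uint32_t` are the same type; presumably rd_key is not declared as `uint32_t`, and matching the field type to the setup prototypes in cmll_locl.h would remove the casts. The 192-bit case selecting camellia_encrypt256/camellia_decrypt256 is expected for Camellia, whose 192- and 256-bit keys share the same round structure, but it deserves a one-line comment so a later reader does not "fix" it.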
similarity index 86%
copy from crypto/openssl-0.9/LICENSE
copy to crypto/openssl-0.9/crypto/camellia/cmll_ofb.c
index e6afecc..d89cf9f 100644 (file)
@@ -1,18 +1,6 @@
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
+/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ====================================================================
  *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
  */
-
- Original SSLeay License
- -----------------------
-
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * [including the GNU Public Licence.]
  */
 
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+       const unsigned long length, const CAMELLIA_KEY *key,
+       unsigned char *ivec, int *num) {
+
+       unsigned int n;
+       unsigned long l=length;
+
+       assert(in && out && key && ivec && num);
+
+       n = *num;
+
+       while (l--) {
+               if (n == 0) {
+                       Camellia_encrypt(ivec, ivec, key);
+               }
+               *(out++) = *(in++) ^ ivec[n];
+               n = (n+1) % CAMELLIA_BLOCK_SIZE;
+       }
+
+       *num=n;
+}
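Review bot: Camellia_ofb128_encrypt never checks the caller-supplied offset, unlike the CTR routine in this commit which asserts `*num < CAMELLIA_BLOCK_SIZE`; with `n = *num` taken unchecked, a `*num` of 16 or more (or a negative value, since `num` is `int *` and `n` is unsigned) indexes `ivec[n]` outside the 16-byte IV before the modulo on the next line brings it back into range. Adding `assert(*num < CAMELLIA_BLOCK_SIZE);` after the pointer assert matches the sibling file, and stating the precondition in the comment above the function (`*num must be in 0..15 and should be zero before the first call`) covers release builds where the assert is compiled out. This file also uses K&R brace placement while every other camellia source in the commit follows the "eay" style that its own header line declares.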
index 8263f73..941b807 100644 (file)
@@ -67,46 +67,25 @@ static COMP_METHOD zlib_stateful_method={
  * When OpenSSL is built on Windows, we do not want to require that
  * the ZLIB.DLL be available in order for the OpenSSL DLLs to
  * work.  Therefore, all ZLIB routines are loaded at run time
- * and we do not link to a .LIB file.
+ * and we do not link to a .LIB file when ZLIB_SHARED is set.
  */
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
-
-# define Z_CALLCONV _stdcall
-# ifndef ZLIB_SHARED
-#  define ZLIB_SHARED
-# endif
-#else
-# define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
 
 #ifdef ZLIB_SHARED
 #include <openssl/dso.h>
 
-/* Prototypes for built in stubs */
-#if 0
-static int stub_compress(Bytef *dest,uLongf *destLen,
-       const Bytef *source, uLong sourceLen);
-#endif
-static int stub_inflateEnd(z_streamp strm);
-static int stub_inflate(z_streamp strm, int flush);
-static int stub_inflateInit_(z_streamp strm, const char * version,
-       int stream_size);
-static int stub_deflateEnd(z_streamp strm);
-static int stub_deflate(z_streamp strm, int flush);
-static int stub_deflateInit_(z_streamp strm, int level,
-       const char * version, int stream_size);
-
 /* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
        const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateEnd_ft)(z_streamp strm);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflateInit__ft)(z_streamp strm,
        const char * version, int stream_size);
-typedef int (Z_CALLCONV *deflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *deflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *deflateInit__ft)(z_streamp strm, int level,
+typedef int (*deflateEnd_ft)(z_streamp strm);
+typedef int (*deflate_ft)(z_streamp strm, int flush);
+typedef int (*deflateInit__ft)(z_streamp strm, int level,
        const char * version, int stream_size);
 static compress_ft     p_compress=NULL;
 static inflateEnd_ft   p_inflateEnd=NULL;
@@ -119,13 +98,13 @@ static deflateInit__ft     p_deflateInit_=NULL;
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
 
-#define compress                stub_compress
-#define inflateEnd              stub_inflateEnd
-#define inflate                 stub_inflate
-#define inflateInit_            stub_inflateInit_
-#define deflateEnd              stub_deflateEnd
-#define deflate                 stub_deflate
-#define deflateInit_            stub_deflateInit_
+#define compress                p_compress
+#define inflateEnd              p_inflateEnd
+#define inflate                 p_inflate
+#define inflateInit_            p_inflateInit_
+#define deflateEnd              p_deflateEnd
+#define deflate                 p_deflate
+#define deflateInit_            p_deflateInit_
 #endif /* ZLIB_SHARED */
 
 struct zlib_state
@@ -361,16 +340,6 @@ COMP_METHOD *COMP_zlib(void)
                {
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
                zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-               if (!zlib_dso)
-                       {
-                       zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
-                       if (zlib_dso)
-                               {
-                               /* Clear the errors from the first failed
-                                  DSO_load() */
-                               ERR_clear_error();
-                               }
-                       }
 #else
                zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif
@@ -397,84 +366,22 @@ COMP_METHOD *COMP_zlib(void)
                        p_deflateInit_
                                = (deflateInit__ft) DSO_bind_func(zlib_dso,
                                        "deflateInit_");
-                       zlib_loaded++;
+
+                       if (p_compress && p_inflateEnd && p_inflate
+                               && p_inflateInit_ && p_deflateEnd
+                               && p_deflate && p_deflateInit_)
+                               zlib_loaded++;
                        }
                }
 
 #endif
+#ifdef ZLIB_SHARED
+       if (zlib_loaded)
+#endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
-       meth = &zlib_stateful_method;
+               meth = &zlib_stateful_method;
 #endif
 
        return(meth);
        }
 
-#ifdef ZLIB_SHARED
-#if 0
-/* Stubs for each function to be dynamicly loaded */
-static int 
-stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
-       {
-       if (p_compress)
-               return(p_compress(dest,destLen,source,sourceLen));
-       else
-               return(Z_MEM_ERROR);
-       }
-#endif
-
-static int
-stub_inflateEnd(z_streamp strm)
-       {
-       if ( p_inflateEnd )
-               return(p_inflateEnd(strm));
-       else
-               return(Z_MEM_ERROR);
-       }
-
-static int
-stub_inflate(z_streamp strm, int flush)
-       {
-       if ( p_inflate )
-               return(p_inflate(strm,flush));
-       else
-               return(Z_MEM_ERROR);
-       }
-
-static int
-stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
-       {
-       if ( p_inflateInit_ )
-               return(p_inflateInit_(strm,version,stream_size));
-       else
-               return(Z_MEM_ERROR);
-       }
-
-static int
-stub_deflateEnd(z_streamp strm)
-       {
-       if ( p_deflateEnd )
-               return(p_deflateEnd(strm));
-       else
-               return(Z_MEM_ERROR);
-       }
-
-static int
-stub_deflate(z_streamp strm, int flush)
-       {
-       if ( p_deflate )
-               return(p_deflate(strm,flush));
-       else
-               return(Z_MEM_ERROR);
-       }
-
-static int
-stub_deflateInit_(z_streamp strm, int level,
-       const char * version, int stream_size)
-       {
-       if ( p_deflateInit_ )
-               return(p_deflateInit_(strm,level,version,stream_size));
-       else
-               return(Z_MEM_ERROR);
-       }
-
-#endif /* ZLIB_SHARED */
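Review bot: When one of the DSO_bind_func calls fails, the new guard `if (p_compress && ... && p_deflateInit_) zlib_loaded++;` leaves `zlib_dso` loaded and the successfully bound pointers set, and nothing releases or resets them, so the handle leaks and, if the enclosing condition (outside the hunk) re-enters on a later call, the stale pointers persist; the DSO_bind_func failures also remain on the error queue. Freeing the DSO and clearing the seven pointers on that path keeps the state consistent for a retry. The `#ifdef ZLIB_SHARED if (zlib_loaded) #endif` construct followed by an assignment inside a second `#if` block is fragile: an unbraced `if` whose body lives in a different conditional compiles to a different statement depending on which macros are set, so a braced form inside a single `#if defined(ZLIB) || defined(ZLIB_SHARED)` block would be clearer. COMP_zlib begins before this hunk, so the initial value of `meth` is presumably NULL but is not visible here.
```c
                                zlib_loaded++;
                        else
                                {
                                /* partial bind: drop the handle and pointers so a retry starts clean */
                                p_compress = NULL; p_inflateEnd = NULL; p_inflate = NULL;
                                p_inflateInit_ = NULL; p_deflateEnd = NULL;
                                p_deflate = NULL; p_deflateInit_ = NULL;
                                DSO_free(zlib_dso);
                                zlib_dso = NULL;
                                }
/* … unchanged: closing braces of the load block and the meth selection … */
```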
index 7871882..4d0c565 100644 (file)
@@ -220,8 +220,8 @@ void ERR_load_DH_strings(void);
 
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR                              101
-#define DH_R_NO_PRIVATE_VALUE                           100
 #define DH_R_INVALID_PUBKEY                             102
+#define DH_R_NO_PRIVATE_VALUE                           100
 
 #ifdef  __cplusplus
 }
index ea67fb7..b14a94f 100644 (file)
@@ -83,8 +83,8 @@ static ERR_STRING_DATA DH_str_functs[]=
 static ERR_STRING_DATA DH_str_reasons[]=
        {
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
+{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {0,NULL}
        };
 
index cc17c88..79984e1 100644 (file)
@@ -217,8 +217,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 
        ret=BN_bn2bin(tmp,key);
 err:
-       BN_CTX_end(ctx);
-       BN_CTX_free(ctx);
+       if (ctx != NULL)
+               {
+               BN_CTX_end(ctx);
+               BN_CTX_free(ctx);
+               }
        return(ret);
        }
 
index 3de99f5..3e51913 100644 (file)
@@ -125,7 +125,7 @@ typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
  * file specifications and added together in whatever fashion that is
  * sensible for the DSO method in question.  The only rule that really
  * applies is that if the two specification contain pieces of the same
- * type, the copy from the string string takes priority.  One could see
+ * type, the copy from the first string takes priority.  One could see
  * it as the first specification is the one given by the user and the
  * second being a bunch of defaults to add on if they're missing in the
  * first. */
index a19a075..919c736 100644 (file)
@@ -385,6 +385,7 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_ASN1_GROUP2PKPARAMETERS                         156
 #define EC_F_EC_ASN1_PARAMETERS2GROUP                   157
 #define EC_F_EC_ASN1_PKPARAMETERS2GROUP                         158
+#define EC_F_EC_EX_DATA_SET_DATA                        211
 #define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY          208
 #define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT    159
 #define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE             195
@@ -428,7 +429,6 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_GROUP_GET_ORDER                                 141
 #define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS             193
 #define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS               194
-#define EC_F_EC_GROUP_GROUP2NID                                 147
 #define EC_F_EC_GROUP_NEW                               108
 #define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                         174
 #define EC_F_EC_GROUP_NEW_FROM_DATA                     175
index a9f7c9d..5cd1eac 100644 (file)
@@ -281,7 +281,8 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
        ret = 1;
 
 err:
-       BN_CTX_end(ctx);
+       if (ctx != NULL)
+               BN_CTX_end(ctx);
        if (new_ctx != NULL)
                BN_CTX_free(new_ctx);
        return ret;
index 5693201..dec913b 100644 (file)
@@ -837,11 +837,6 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 
                /* create the EC_GROUP structure */
                ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
-               if (ret == NULL)
-                       {
-                       ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-                       goto err;
-                       }
                }
        else if (tmp == NID_X9_62_prime_field)
                {
@@ -860,11 +855,17 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
                        }
                /* create the EC_GROUP structure */
                ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
-               if (ret == NULL)
-                       {
-                       ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-                       goto err;
-                       }
+               }
+       else
+               {
+               ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+               goto err;
+               }
+
+       if (ret == NULL)
+               {
+               ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+               goto err;
                }
 
        /* extract seed (optional) */
index f22c564..0e316b4 100644 (file)
@@ -113,7 +113,8 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
        ret = 1;
 
 err:
-       BN_CTX_end(ctx);
+       if (ctx != NULL)
+               BN_CTX_end(ctx);
        if (new_ctx != NULL)
                BN_CTX_free(new_ctx);
        if (point)
index 923cb71..beac209 100644 (file)
@@ -1100,7 +1100,8 @@ static const ec_list_element curve_list[] = {
        { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
        { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
        { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
-       /* the WAP/WTLS curves */
+       /* the WAP/WTLS curves
+        * [unlike SECG, spec has its own OIDs for curves from X9.62] */
        { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
        { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
        { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
index 73c0055..38302b9 100644 (file)
@@ -88,6 +88,7 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS),    "EC_ASN1_GROUP2PKPARAMETERS"},
 {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP),      "EC_ASN1_PARAMETERS2GROUP"},
 {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP),    "EC_ASN1_PKPARAMETERS2GROUP"},
+{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA),   "EC_EX_DATA_set_data"},
 {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),     "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),       "ec_GF2m_simple_group_check_discriminant"},
 {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),        "ec_GF2m_simple_group_set_curve"},
@@ -131,14 +132,13 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER),    "EC_GROUP_get_order"},
 {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),        "EC_GROUP_get_pentanomial_basis"},
 {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),  "EC_GROUP_get_trinomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_GROUP2NID),    "EC_GROUP_GROUP2NID"},
 {ERR_FUNC(EC_F_EC_GROUP_NEW),  "EC_GROUP_new"},
 {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME),    "EC_GROUP_new_by_curve_name"},
 {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA),        "EC_GROUP_NEW_FROM_DATA"},
 {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT),      "EC_GROUP_precompute_mult"},
 {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M),       "EC_GROUP_set_curve_GF2m"},
 {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP),        "EC_GROUP_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),       "EC_GROUP_set_extra_data"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),       "EC_GROUP_SET_EXTRA_DATA"},
 {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR),        "EC_GROUP_set_generator"},
 {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY),      "EC_KEY_check_key"},
 {ERR_FUNC(EC_F_EC_KEY_COPY),   "EC_KEY_copy"},
index 3c6967a..5af8437 100644 (file)
@@ -147,7 +147,7 @@ void EC_GROUP_clear_free(EC_GROUP *group)
 
        if (group->meth->group_clear_finish != 0)
                group->meth->group_clear_finish(group);
-       else if (group->meth != NULL && group->meth->group_finish != 0)
+       else if (group->meth->group_finish != 0)
                group->meth->group_finish(group);
 
        EC_EX_DATA_clear_free_all_data(&group->extra_data);
@@ -558,7 +558,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
                {
                if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
                        {
-                       ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
+                       ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
                        return 0;
                        }
                }
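Review bot: Removing `group->meth != NULL` from the else-if in EC_GROUP_clear_free is safe only because that test was already unreachable as a guard: the `if` two lines earlier dereferences `group->meth` unconditionally, so a NULL meth would have faulted before the removed check ran. If a NULL `meth` is a state this function must tolerate, the test belongs in front of the first dereference rather than being dropped; if it is not, the change is fine as written. The function's prologue is above the hunk, so whether `group` itself is NULL-checked cannot be seen here. The second hunk's switch to `EC_F_EC_EX_DATA_SET_DATA` matches the string added to the error table in this commit.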
index 7320e31..a045139 100644 (file)
@@ -879,7 +879,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
 
        ret = 1;
  err:
-       BN_CTX_end(ctx);
+       if (ctx != NULL)
+               BN_CTX_end(ctx);
        if (new_ctx != NULL)
                BN_CTX_free(new_ctx);
        if (pre_comp)
index 75296a3..4d26f8b 100644 (file)
@@ -336,7 +336,8 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
        ret = 1;
 
 err:
-       BN_CTX_end(ctx);
+       if (ctx != NULL)
+               BN_CTX_end(ctx);
        if (new_ctx != NULL)
                BN_CTX_free(new_ctx);
        return ret;
index ab96a6d..1fb9bc9 100644 (file)
@@ -206,10 +206,14 @@ int ECDSA_size(const EC_KEY *r)
        ASN1_INTEGER bs;
        BIGNUM  *order=NULL;
        unsigned char buf[4];
-       const EC_GROUP *group = EC_KEY_get0_group(r);
+       const EC_GROUP *group;
 
-       if (r == NULL || group == NULL)
+       if (r == NULL)
+               return 0;
+       group = EC_KEY_get0_group(r);
+       if (group == NULL)
                return 0;
+
        if ((order = BN_new()) == NULL) return 0;
        if (!EC_GROUP_get_order(group,order,NULL))
        {
index 5143923..74b1fe8 100644 (file)
@@ -69,7 +69,7 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
        ECDSA_DATA *ecdsa = ecdsa_check(eckey);
        if (ecdsa == NULL)
                return NULL;
-       return ecdsa->meth->ecdsa_do_sign(dgst, dlen, NULL, NULL, eckey);
+       return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
 }
 
 int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 
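Review bot: Forwarding `kinv` and `rp` instead of the literal `NULL, NULL` changes what callers of ECDSA_do_sign_ex get, so the contract of those two arguments should be stated at the call site; the old line silently discarded them. A comment above the return line such as `/* kinv/rp: precomputed pair from ECDSA_sign_setup(); NULL presumably makes the method derive a fresh nonce */` would do, and it should add that a (kinv, rp) pair is single-use, since signing two different digests with the same nonce exposes the private key, so the caller must never pass the same pair twice. The function's signature and the ecdsa_check call begin above the hunk.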
di